woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

readme

Browse Source
This commit is contained in:
Robert Swiecki 2017-05-06 22:38:09 +02:00
parent 46010aa443
commit 322f414ccb
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -1,5 +1,5 @@
- [What is it?](#what-is-it-)
- [What form of isolation does it provide?](#what-type-of-isolation-does-this-tool-provide-)
- [What forms of isolation does it provide?](#what-forms-of-isolation-does-this-tool-provide-)
- [Which use-cases are supported?](#which-use-cases-are-supported)
* [Isolation of network services (inetd-style)](#isolation-of-network-services--inetd-style)
* [Isolation, with access to a private, cloned interface (requires euid==0)](#isolation--with-access-to-a-private--cloned-interface--requires-euid--0)
@ -23,7 +23,7 @@ Features:
* Can use [kafel seccomp-bpf configuration language](https://github.com/google/kafel/) for syscall policy creation.
* It's rock-solid.
### WHAT TYPE OF ISOLATION DOES THIS TOOL PROVIDE?
### WHAT FORMS OF ISOLATION DOES THIS TOOL PROVIDE?
1. Linux namespaces: UTS (hostname), MOUNT (chroot), PID (separate PID tree), IPC, NET (separate networking context), USER
2. FS constraints: chroot(), pivot_root(), RO-remounting
3. Resource limits (wall-time/CPU time limits, VM/mem address space limits, etc.)