woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

index.md

Browse Source
This commit is contained in:
Robert Swiecki 2017-06-16 12:03:31 +02:00
parent ed2bb8a46a
commit 4f1a6aead2
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -35,11 +35,11 @@ Features:
***
### What forms of isolation does it provide
1. Linux __namespaces__: UTS (hostname), MOUNT (chroot), PID (separate PID tree), IPC, NET (separate networking context), USER
2. __FS constraints__: chroot(), pivot_root(), RO-remounting
1. Linux __namespaces__: UTS (hostname), MOUNT (chroot), PID (separate PID tree), IPC, NET (separate networking context), USER, CGROUPS
2. __FS constraints__: chroot(), pivot_root(), RO-remounting, custom ```/proc``` and ```tmpfs``` mount points
3. __Resource limits__ (wall-time/CPU time limits, VM/mem address space limits, etc.)
4. Programmable seccomp-bpf __syscall filters__ (with the [kafel language](https://github.com/google/kafel/))
5. Cloned and separated __Ethernet interfaces__
4. Programmable seccomp-bpf __syscall filters__ (through the [kafel language](https://github.com/google/kafel/))
5. Cloned and isolated __Ethernet interfaces__
6. __Cgroups__ for memory and PID utilization control
***