
NsJail: A lightweight process isolation tool - arunc
http://google.github.io/nsjail/
======
betaby
What I find missing in current state of containers is a lack of surrounding
utils. For example LXC-* still didn't reach the same level of functionality as
say vzctl. Having light non LXC dependent tool like NsJail is nice thought,
especially to quickly test something in the separate environment.

------
stefanha
Most of these settings are available to systemd unit files. Is there anything
unique here that isn't available?

------
mkj
Ah, I'd missed that CLONE_NEWUSER lets you do "chroot" as non-root. That's
useful.

