I recently learned about nsjail, a utility to sandbox applications or provide workload isolation.

It seems to be lighter weight than firejail and possibly better suited for server applications.

Has anyone used this? What’s your experience with it? I’m curious about using it for my web server applications as an additional layer of Dr hotty.

  • ramenu
    link
    fedilink
    English
    arrow-up
    3
    ·
    4 months ago

    I’ve never heard of nsjail, so I wouldn’t know. But there’s also bubblewrap which is used by Flatpak for sandboxing. It’s very small, although a bit annoying to use.

    • matcha_addict@lemy.lolOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      Bubblewrap seemed much less user friendly than nsjail, I assume because it is intended to be a lower level application used by libraries like flatpak. It is also more tailored to desktop applications and GUIs, whereas nsjail is focused on server apps (though I did see the author mentioning adding better support for GUIs years ago, but I did not check if that happened).