This seems very similar to Bubblewrap: https://github.com/projectatomic/bubblewrap
Is this what I should use if I want to intercept filesystem calls (and rewrite them, or generate on the fly the file that is about to be accessed)? Something else I should look into for this purpose?
Is there a minimum required kernel version? How does it compare to proot? We use proot in our build pipeline and it would be interesting to look into alternatives.
This seems to be almost exactly like systemd-nspawn other than the ability to write seccomp policies in kafel. Are there any other notable differences?
I've been using nsjail in production with good success lately. It's a solid tool. Thank you authors! Really appreciate your work on this project.
I have become conditioned by seeing so many JavaScript frameworks reach the front page over the years that I parsed this as 'JsNail' on first glance.