NsJail: A light-weight process isolation tool for Linux

I have forked this project long ago and have built an online judge utilizing its BPF integration to filter out unwanted syscalls. The fork implements the time&#x2F;mem usage reporting to satisfy the judge&#x27;s need and it has improved my knowledge to modern Linux kernels.<p>There were some rough edges back then, but it had been my go-to tool to run user-provided code in isolation.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;NeoHOJ&#x2F;nsjail">https:&#x2F;&#x2F;github.com&#x2F;NeoHOJ&#x2F;nsjail</a>

it&#x27;d be interesting to see a comparison of these -- the building blocks are (mostly) the same, but the interfaces differ in interesting ways:<p>- nsjail<p>- firejail<p>- bubblewrap<p>- runc<p>etc.

A few decades back we had the ability to cryogenically freeze processes, save them to storage, move the bins to another system, and defrost them to be run again. This was a great feature that I had hoped would make its way into mainstream kernels, but it seems to have disappeared off the face of the earth.<p>I wonder if the expansion of process isolation tooling will ever lead us back to this situation again, anyone know? It seems to me that strict isolation would be a vital rudimentary requirement for cryofreezing processes...

Is there an equivalent for MacOS ?

So this is like jails for BSD?