I recently learned about nsjail, a utility to sandbox applications or provide workload isolation.
It seems to be lighter weight than firejail and possibly better suited for server applications.
Has anyone used this? What’s your experience with it? I’m curious about using it for my web server applications as an additional layer of Dr hotty.
Afaik RedBot (oss, extensible discord bot in Python) used it to allow people to run python scripts directly from discord without access to the file system, network and to limit the run time.
In my book I’ve had categorised it as a lower-level tool for security and sandboxing, a lot lower level then firejail is.