Notes on Linux/UNIX process isolation, jailing (à la Docker, podman), etc. Software: * [[https://nsjail.dev/|nsjail.dev]] * [[https://google.github.io/minijail/|minijail]]. Sandboxing and containment tool used in ChromeOS and Android. * [[https://github.com/netblue30/firejail|firejail]]. Linux namespaces and seccomp-bpf-based sandboxing.