Notes on Linux/UNIX process isolation, jailing (à la Docker, podman), etc.

Software:

 * [[https://nsjail.dev/|nsjail.dev]]
 * [[https://google.github.io/minijail/|minijail]]. Sandboxing and containment tool used in ChromeOS and Android.
 * [[https://github.com/netblue30/firejail|firejail]]. Linux namespaces and seccomp-bpf-based sandboxing.