Isowrap is a library used to execute programs isolated from the rest of the system.
It is a wrapper around Linux Containers (using isolate) and FreeBSD jails (WIP).
This is probably alpha quality software.
- Linux isolate runner
- Full env
- FreeBSD jail runner
- DOES NOT COMPILE - breaking changes
- Implement "proper" wall time limit.
- Stack limit
- Maximum number of processes
- Enable/Disable networking
- Environment variables
See the INSTALLATION part of the isolate manual. Control groups are required, make sure that they are enabled and cgroupfs is mounted.
Enable kernel racct support by adding the following line to /etc/loader.conf:
kern.racct.enable=1