Last change: 2025-03-12
The Linux kernel uses namespaces to isolate resources and make them available to one or more processes. A bit like The Matrix movie.
Namespaces articles
Last change: 2025-03-12
The lsns command on Linux can be used to show the namespaces that are in use on the system. It may be used for information gathering or troubleshooting.
Last change: 2025-03-12
Harden services on Linux with systemd unit setting PrivateUsers. It defines a new user namespace for the service and provides process capability isolation.
Commands:
- systemd-run
Last change: 2025-03-12
Harden Linux system services by restricting systemd units to change the hostname or NIS domain name of the system with the unit setting ProtectHostname.
Last change: 2025-03-12
Harden services on Linux by using the systemd unit setting PrivatePIDs, which allows running a service in its private PID namespace.
Commands:
- systemd-run
Last change: 2025-03-12
Firejail is a tool to sandbox applications to restrict what they can do. It is a useful tool to limit the risk on privilege escalation and exploits.
Last change: 2025-03-12
Harden system and user services on Linux by restricting systemd units to only use specified namespaces with the unit setting RestrictNamespaces.
Commands:
- strace
- strings
Last change: 2025-03-12
Learn more about the system calls (syscalls) that systemd may use in commands and unit files, such as with SystemCallFilter property.
Commands:
- awk
- grep
- sort
- strings
- uniq
Last change: 2025-03-12
Feeling overwhelmed with the options available to secure your Linux system? With this guide, we walk step-by-step through the option, tools, and resources.
Last change: 2025-03-12
Docker Inc. is one of the pioneers in the world of DevOps and known for its toolkit around Linux container technology. Will Docker make things more secure?
Last change: 2025-03-12
There is a great misconception about using container and virtualization technology. We have a look at the Docker security features and how it can help you.