[ 原始碼: compartment ]
套件:compartment(1.1.0-5 以及其他的)
Confine services in a limited environment
Compartment was designed to allow safe execution of privileged and/or untrusted executables and services. It can execute a process:
- Setting specific Linux capabilities - Chrooting it to a certain location - setting the user or group it will run with - running a program before it is executedThese features can be used to minimize the risk of a trojanized or vulnerable program/service.