The next InstantSSH plugin version will provide a new jail builder (FireJail), which provides full isolation through the Linux kernel via Linux namespaces, seccomp-bpf and Linux capabilities.
You can see it in action below:
To summarize, in InstantSSH plugin version 5.0.0 there will be two jail builders available:
- MakeJail: Create jails using `makejail'. Only the filesystem is isolated using the chroot() system call.
- FireJail: Create jails using `makejail' and isolate them with `FireJail'. FireJail provides full isolation through the Linux kernel, via Linux namespaces, seccomp-bpf and Linux capabilities.
Note that support for `FireJail' is still EXPERIMENTAL.
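To check which of the two isolation levels a jailed shell actually has, the kernel's view in /proc/<pid>/status and /proc/<pid>/ns can be inspected. The script below is an added example, not part of the InstantSSH plugin or FireJail; the function names and the sample values are constructed for illustration, and the settings the plugin really applies are not stated here.

```python
import os

SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}
# A few high-risk capability bit numbers from <linux/capability.h>.
RISKY_CAPS = {16: "CAP_SYS_MODULE", 18: "CAP_SYS_CHROOT",
              19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN"}
NAMESPACES = ("mnt", "pid", "net", "ipc", "uts", "user")

def parse_status(text):
    """Turn /proc/<pid>/status text into a {field: value} dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def read_ns(pid):
    """Namespace identifiers of a live process, e.g. 'pid:[4026531836]'."""
    return {ns: os.readlink(f"/proc/{pid}/ns/{ns}") for ns in NAMESPACES}

def isolation_report(status_text, proc_ns, host_ns):
    """Summarize seccomp mode, capability bounding set and private namespaces."""
    st = parse_status(status_text)
    bounding = int(st.get("CapBnd", "0"), 16)
    return {
        "seccomp": SECCOMP_MODES.get(int(st.get("Seccomp", "0")), "unknown"),
        "no_new_privs": st.get("NoNewPrivs", "0") == "1",
        "risky_caps": sorted(n for b, n in RISKY_CAPS.items() if bounding >> b & 1),
        "private_ns": sorted(ns for ns in proc_ns if proc_ns[ns] != host_ns.get(ns)),
    }

def is_chroot_only(report):
    """True when none of the three kernel mechanisms is in effect."""
    return (report["seccomp"] == "disabled" and not report["private_ns"]
            and bool(report["risky_caps"]))

# Constructed samples: a chroot()-only shell and a kernel-sandboxed shell.
HOST_NS = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]", "net": "net:[4026531992]"}
SANDBOX_NS = {"mnt": "mnt:[4026532201]", "pid": "pid:[4026532203]", "net": "net:[4026531992]"}
CHROOT_STATUS = "Name:\tbash\nCapBnd:\t000001ffffffffff\nNoNewPrivs:\t0\nSeccomp:\t0\n"
SANDBOX_STATUS = "Name:\tbash\nCapBnd:\t0000000000000000\nNoNewPrivs:\t1\nSeccomp:\t2\n"

if __name__ == "__main__":
    print(isolation_report(CHROOT_STATUS, HOST_NS, HOST_NS))
    print(isolation_report(SANDBOX_STATUS, SANDBOX_NS, HOST_NS))
```

On a live host, pass the contents of /proc/<pid>/status together with `read_ns(pid)` for the jailed shell and `read_ns(1)` for the host; reading another user's /proc/<pid>/ns entries requires root.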