kitzman 790d094b67 | ||
---|---|---|
src | ||
.gitignore | ||
Cargo.toml | ||
LICENSE | ||
README.md |
README.md
WIP
Synopsis
Moksha
is a tool to manage safe, isolated environments to run your daily
software. As it is WIP, in the future it will provide:
- automatic management of filesystems (overlays, encryption)
- management of seccomp and capabilities
containers- KVM VMs
- Xen VMs
- the ability to revert overlays (in the case that the filesystem is compromised)
- the ability to configure each binary (in which environment it runs, with which permissions, network, mounts, xserver, etc)
- the ability to script custom config directives (I'm thinking C, Rust, V, Guile)
LD_LIBRARY_PATH
-based wrapper- (possibly) an init (PID 1) wrapper
- the ability to init the system (i.e: image and overlay repo, Xen options, KVM options, etc)
The purpose of this tool is to provide a more configurable and customizable
setup than firejail
and QubesOS combined.
Currently, this repo provides nstool
only - a tool to list namespaces and to
unshare
into new ones.