WIP

Synopsis

Moksha is a tool to manage safe, isolated environments to run your daily software. As it is WIP, in the future it will provide:

automatic management of filesystems (overlays, encryption)
management of seccomp and capabilities
~~containers~~
KVM VMs
Xen VMs
the ability to revert overlays (in the case that the filesystem is compromised)
the ability to configure each binary (in which environment it runs, with which permissions, network, mounts, xserver, etc)
the ability to script custom config directives (I'm thinking C, Rust, V, Guile)
LD_LIBRARY_PATH-based wrapper
(possibly) an init (PID 1) wrapper
the ability to init the system (i.e: image and overlay repo, Xen options, KVM options, etc)

The purpose of this tool is to provide a more configurable and customizable setup than firejail and QubesOS combined.

Currently, this repo provides nstool only - a tool to list namespaces and to unshare into new ones.