mirror of
https://github.com/uselessd/alcove.git
synced 2026-04-15 09:15:19 +00:00
a9245bae00
alcove acts a proxy between the Erlang VM and a forked process. It can enforce restrictions on the child process, such as dropping privileges, setting resource limits and chroot'ing. The goal is to support Linux namespaces, seccomp mode and cgroups so the port process can run in an application container. alcove should be portable though and a subset of the features should work on any unix, possibly even supporting the sandboxing mechanisms on other platforms.