As a part of my job at OVH I dealt with Linux Namespaces as a security mechanism in a “yet to be announced” product. I was astonished by both how powerful and poorly documented it is. [EDIT 2014-01-08] A Chinese translation of this post is available here: Most of you have probably heard about LXC - LinuX Containers, “Chroot on steroids”. What it basically does is isolate applications from others. A bit like chroot does by isolating applications in a virtual private root but taking the...
