nsjail4openwrt — Process Isolation for OpenWrt

nsjail4openwrt provides tooling and patches to cross-compile nsjail — Google’s process isolation and sandboxing tool — for OpenWrt embedded Linux devices.

nsjail uses Linux namespaces, cgroups, and seccomp-bpf to provide lightweight process sandboxing. This project adapts it to run on resource-constrained OpenWrt routers and embedded systems.

The repository contains a Makefile and a series of patches (001.patch through 004.patch) needed to build nsjail for the OpenWrt toolchain.

Links

nsjail4openwrt GitHub repository

Google nsjail