I should have said filesystem namespace isolation. For example, isolating a process from accessing proc, sys, such that it is only able to access a predefined list of directories.

Quoting Tanaka, Thomas (thomas.tanaka@xxxxxxxxx):
> Thanks for the quick reply.
> Just out of curiosity, is it possible to develop a cgroup subsystem that just does the filesystem isolation?

Exactly what filesystem isolation?

-serge
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers