kagome
kagome copied to clipboard
Application cage
cli image tends to have a lot of zombie processes because spawned background processes aren't reaped by the container's init (interactive sudo). More detail explanation: https://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/ Article recommends to use...
Qubes has a lot of pros compared to kagome: - Xen hypervisor should be much more robust - User-friendly, great concept of "secure by default" OS - Memory is cheap...
systemd now has [systemd-nspawn](http://man7.org/linux/man-pages/man1/systemd-nspawn.1.html) and [systemd-machined](http://man7.org/linux/man-pages/man8/systemd-machined.8.html) which in many ways are similar to kagome and coreos concepts. We need to think how to avoid reinventing the wheel.
Minimal functionality would be enough to begin with.
See: https://blog.sleeplessbeastie.eu/2013/07/19/how-to-create-browser-sandbox/ http://askubuntu.com/questions/41330/let-xorg-listen-on-tcp-but-only-to-localhost