Noid has not been updated for a couple of years, and does not work on newer kernels. Consider development to be on hold, with a quite small chance of being restarted.

The future of Noid

Currently, the -d option to chtrunk attaches the original /tmp/ on /tmp/. It should instead create a new empty temporary directory.

It should be possible to attach files and directories read-only, even if they are read-write for normal processes.

We need to construct a tighter jail for the processes. The idea is to create a filesystem where every file is a capability, and mount it under /cap/. Every chtrunked process that does not have a file descriptor for /cap/network will be denied all network access, and only processes with access to /cap/time can access the system clock.

It would be nice to have even more fine-grained capabilities. Imagine capabilites like /cap/network/tcp/ or even /cap/network/tcp/*

It doesn't stop here. Once processes are properly jailed, they can be used as building blocks for performing different tasks. More about this later.

Send questions, money, bug reports, success reports, patches and suggestions to the author, Jörgen Cederlöf, at

Hosted at SourceForge Logo lysator