Execute a binary inside our container, resolve issues of dynamic libraries, mount directories inside the environment. Conclusion of the serie

How to restrict the binary running inside our container in order to protect our system. Introduction to seccomp, syscalls, cgroups, rlimit

Set up user namespaces, map the UID / GID, restrict the child process with linux capabilities

Set the container hostname, modify the container mount point, pivoting the root.

Prepare inter-process communication (IPC), create a clone of the parent process while restricting its scope using namespaces.

Getting the configuration, creating the skeletton for the container, checking the Linux kernel version for compatibility

Creation of the project, the logging system, the error handlings, and arguments validation

Overview of what is a container, the problem of software isolation it solves and how does it compares to other solutions.