restrictingprocess
Restricting a process (also written "restricting process" or "process restriction") refers to techniques for constraining what a running process may do on a computer system. The aim is to limit the damage from bugs, vulnerabilities, or untrusted code by enforcing least privilege, capping the resources the process can consume, and isolating it from sensitive parts of the system, so that a compromised process cannot escalate its privileges or reach data it has no need for.
Common approaches include resource limits, capability-based security, and execution isolation. Unix-like systems use mechanisms such as
Platform-specific mechanisms include Linux namespaces and cgroups for isolation, AppArmor and SELinux for access control, and
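The following is an added example, not code from the original page, showing the portable, unprivileged end of these mechanisms on Linux: a process locks itself down with prctl(2) (PR_SET_NO_NEW_PRIVS so execve can never grant privileges, PR_SET_DUMPABLE off, a best-effort drop of the capability bounding set) and setrlimit(2) (no core dumps, a file-size cap, an open-file cap), then a parent runs untrusted work in a forked child under those limits and checks that the kernel really enforces them. It assumes Linux with glibc; the 4096-byte and 16-descriptor limits, the function names, and the temp-file path are arbitrary choices for the demonstration. Namespaces, cgroups, AppArmor and SELinux are deliberately not shown because they need root or a loaded policy.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set soft == hard so the process can never raise the limit again. */
static int set_limit(int resource, rlim_t value) {
    struct rlimit rl = { .rlim_cur = value, .rlim_max = value };
    return setrlimit(resource, &rl);
}

/* Confine the calling process. Irreversible by design: afterwards execve()
 * cannot grant privileges (setuid/fscaps), peers cannot ptrace it, no core
 * dumps are written, and file size / open-file counts are capped.
 * Returns 0 on success, -1 (errno set) on failure. */
int restrict_self(rlim_t max_file_bytes, rlim_t max_open_files) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) return -1;
    /* Shrink the capability bounding set so nothing exec'd later can regain
     * capabilities. This needs CAP_SETPCAP; an unprivileged caller gets EPERM
     * and relies on NO_NEW_PRIVS instead, so EPERM is tolerated here. */
    for (int cap = 0; ; cap++) {
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) == 0) continue;
        if (errno == EINVAL || errno == EPERM) break; /* past last cap, or no CAP_SETPCAP */
        return -1;
    }
    if (set_limit(RLIMIT_CORE, 0) != 0) return -1;
    if (set_limit(RLIMIT_FSIZE, max_file_bytes) != 0) return -1;
    if (set_limit(RLIMIT_NOFILE, max_open_files) != 0) return -1;
    return 0;
}

/* Run fn() in a forked child under restrict_self(), so the caller's own
 * limits are untouched. Returns the child's exit code, 128+signal if it was
 * killed, 100 if the restrictions could not be applied, -1 on fork/wait error. */
int run_restricted(int (*fn)(void), rlim_t max_file_bytes, rlim_t max_open_files) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (restrict_self(max_file_bytes, max_open_files) != 0) _exit(100);
        _exit(fn() & 0xff);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFEXITED(status)) return WEXITSTATUS(status);
    return 128 + WTERMSIG(status);
}

/* Workload 1: try to grow a scratch file past the RLIMIT_FSIZE cap.
 * With SIGXFSZ ignored, write() past the limit fails with EFBIG instead of
 * killing the process. Returns 0 when EFBIG was observed, nonzero otherwise. */
int oversized_write(void) {
    char path[] = "/tmp/restrict-demo-XXXXXX";   /* constructed scratch path */
    signal(SIGXFSZ, SIG_IGN);
    int fd = mkstemp(path);
    if (fd < 0) { strcpy(path, "./restrict-demo-XXXXXX"); fd = mkstemp(path); }
    if (fd < 0) return 2;
    unlink(path);                                /* no leftover file either way */
    char buf[1024];
    memset(buf, 'A', sizeof buf);
    int rc = 5;                                  /* 5 = limit was not enforced */
    for (int i = 0; i < 8; i++) {                /* 8 KiB attempted against a 4 KiB cap */
        if (write(fd, buf, sizeof buf) < 0) { rc = (errno == EFBIG) ? 0 : 3; break; }
    }
    close(fd);
    return rc;
}

/* Workload 2: confirm the prctl flags stuck and RLIMIT_NOFILE is enforced.
 * Returns 0 when every restriction is observed. */
int probe_limits(void) {
    if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) != 1) return 2;
    if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) != 0) return 3;
    for (int i = 0; i < 64; i++)                 /* far more than the 16-fd cap */
        if (open("/dev/null", O_RDONLY) < 0) return errno == EMFILE ? 0 : 4;
    return 5;                                    /* cap never hit */
}

int main(void) {
    printf("oversized write under RLIMIT_FSIZE=4096: %d (0 = EFBIG as expected)\n",
           run_restricted(oversized_write, 4096, 16));
    printf("limit probe under RLIMIT_NOFILE=16: %d (0 = all restrictions observed)\n",
           run_restricted(probe_limits, 4096, 16));
    return 0;
}
```

Two points worth noting from the code: the restrictions are applied in the child after fork() and before the work starts, which is the only order in which they protect anything, and the parent asserts on the child's exit code rather than trusting that the calls succeeded, because a limit that silently failed to apply is the "incorrect configuration" failure mode that makes such restrictions bypassable.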
Use cases include securing servers by isolating services, limiting risk from untrusted software, and reducing data
Limitations include potential bypass if configurations are incorrect and reliance on kernel features that share resources