◦ Limit, account & isolate resource usage (CPU, memory, disk, etc)

• chroot
  ◦ Isolate access to disk
• AppArmor, SELinux
  ◦ Security modules for controlling access to resources based on security policies
• seccomp
  ◦ Secure computing / application sandboxing

- mnt (mount points, filesystems)
- pid (processes)
- net (NICs, routing)
- ipc (inter-process communication)
- uts (hostname)
- user (user ids)