All Linux kernels provide the chroot system call to confine a process to a subdirectory. Unfortunately, this does not protect the system from root processes, and a chroot can be broken out of. The JAIL module extends the chroot system call to provide a superset of the FreeBSD jail functionality (except individual kernel-level hostnames).
This program puts the process into a jail, with chroot to path and IP address IP, and then executes prog with args.
See the appropriate RSBAC documentation for JAIL module details.
verbose program output
allow access to IPC outside this jail
allow jailed processes to change their rlimits
allow all network families, not only UNIX and INET (IPv4)
allow INET (IPv4) raw sockets (e.g. for ping)
auto-adjust INET any address 0.0.0.0 to jail address, if set
additionally allow to/from remote INET (IPv4) address 127.0.0.1