Role-based access control system, least privilege memory protection, chroot restriction, etc.
grsecurity® is an extensive security enhancement to the linux kernel that defends against a wide range of security threats through intelligent access control, memory corruptionbased exploit prevention, and a host of other system hardening that generally require no configuration.
it has been actively developed and maintained for the past 17 years. commercial support for grsecurity is available through open source security, inc.
Official Website
Source
Facebook
security-focused os-kernel linux chroot-hardening container-isolation-hardening memory-protection rbac