넷BSD 가벼운 커널 격리 시스템

Cells for NetBSD is an early-stage but steadily maturing system for lightweight, kernel-enforced isolation on NetBSD. It closes the operational gap between simple chroot environments and full virtualization platforms such as Xen. The project runs multiple workloads on a single host with: Strong process isolation System hardening profiles Supervised service execution Unified lifecycle management Centralized logging Snapshot-based metrics export The system stays fully NetBSD-native: isolation and policy enforcement are built into the kernel security framework, not delegated to a separate runtime layer. The goal is not to replicate Linux-style container ecosystems, but to provide a focused operating model with minimal dependencies, no external control services, and explicit operational boundaries. As with any kernel-based isolation, security depends on kernel correctness; stronger trust separation may still require virtualization such as Xen. Overall, the project is evolving into a practical, end-to-end isolation stack that fits naturally into existing NetBSD administration workflows.