Process and device isolation

Process isolation

Linux isolates processes from one another: a process cannot access the resources of another, even if they are running under the same user's privileges.

Other mechanisms Linux uses to enhance security and protection:

  • Control Groups (cgroups)
    Administrators can group processes and assign resource limits to each cgroup.
  • Containers
    Multiple isolated Linux systems (containers) can run on a single system, based on cgroups.
  • Virtualisation
    Entire systems can run simultaneously as isolated and insulated guests (virtual machines) on one physical host.

Device isolation

Hardware devices are not directly accessible. A file system layer creates a file, called a device node, in /dev/ for every hardware device. Each device special file has standard owner, group and world permission fields, so security is enforced the same way as for a normal file.
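
The owner, group and world fields described above can be read from each node's stat data and audited. This is an added example, not part of the original page; the function names and the review policy (flag block devices that grant any access to "other") are assumptions made for illustration.

```python
import os
import stat

def describe_node(st_mode, st_rdev=0, st_uid=0, st_gid=0):
    """Decode stat fields of a device special file; None for anything else."""
    if stat.S_ISCHR(st_mode):
        kind = "char"
    elif stat.S_ISBLK(st_mode):
        kind = "block"
    else:
        return None
    perms = stat.S_IMODE(st_mode)
    return {
        "kind": kind,
        "major": os.major(st_rdev),
        "minor": os.minor(st_rdev),
        "uid": st_uid,
        "gid": st_gid,
        "mode": stat.filemode(st_mode),  # same rwx notation as a regular file
        "world_read": bool(perms & stat.S_IROTH),
        "world_write": bool(perms & stat.S_IWOTH),
    }

def needs_review(info):
    """Assumed policy: block devices (raw disks) grant nothing to 'other'.
    Char devices such as /dev/null are world-writable by design: not flagged."""
    return info["kind"] == "block" and (info["world_read"] or info["world_write"])

def audit(dev_dir="/dev"):
    """Walk dev_dir without following symlinks; return (path, info) pairs."""
    nodes = []
    for root, _dirs, files in os.walk(dev_dir):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # node vanished or is unreadable
            info = describe_node(st.st_mode, st.st_rdev, st.st_uid, st.st_gid)
            if info:
                nodes.append((path, info))
    return nodes

if __name__ == "__main__":
    for path, info in audit():
        flag = "REVIEW" if needs_review(info) else "ok"
        print(f'{flag:6} {info["mode"]} {info["uid"]}:{info["gid"]} '
              f'{info["kind"]} {info["major"]},{info["minor"]} {path}')
```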

