I’ve written a series of articles on various Linux sandboxing capabilities that developers can make use of to write their programs in a more secure fashion. If you’re interested, have a look.
Here’s a link to all of the articles:
Seccomp Filters: http://www.insanitybit.com/2014/09/08/3719/
Linux Capabilities: http://www.insanitybit.com/2014/09/08/sandboxing-linux-capabilities/
Chroot Sandbox: http://www.insanitybit.com/2014/09/08/sandboxing-chroot-sandbox/
And here’s a link to the GitHub for SyslogParse, the program I use as a demonstration: