Exploring nsjail for Application Isolation with ROS2 #228

@gabrielemarra

Hello nsjail community,

I'm part of a team working on a project that involves creating a custom Linux build with Yocto, running ROS2 (Robot Operating System 2 - https://docs.ros.org/en/iron/) for applications and communication on limited hardware. We primarily focus on ARM Cortex-A platforms; for example, we use Raspberry Pi Zero 2W and Raspberry Pi 4 as our test boards (not microcontrollers).

I am trying to implement a robust isolation layer for ROS2 applications, aiming to significantly reduce the risk of a single application bug jeopardizing the entire system's security.

We're considering nsjail for this purpose and would greatly value the community's input on a few key points:

  1. Suitability for ROS2: Is nsjail a viable choice for isolating ROS2 applications, particularly in the context of enhancing security? Has anyone successfully used nsjail with ROS2? If so, we'd be interested in learning about your experiences and any obstacles you faced.
  2. Performance on Limited Hardware: Given the constraints of our target platforms, what are the key considerations or potential optimizations for using nsjail effectively?
  3. Integration with Yocto: Are there specific requirements or considerations for integrating nsjail into a Yocto-based Linux build? Any tips or documentation would be greatly appreciated.

We plan to release our project as open-source after reaching our first milestone in the coming months. Your insights will aid our current efforts and contribute to the broader community once we share our work.

Looking forward to your guidance and suggestions.
