The Beowulf Distributed Process Space (BProc) is set of kernel modifications, utilities, and libraries which allow a user to start processes on other machines in a Beowulf-style cluster. Remote processes started with this mechanism appear in the process table of the front end machine in a cluster. This allows remote process management using the normal UNIX process control facilities. Signals are transparently forwarded to remote processes and exit status is received using the usual wait () mechanisms.
Plash is a sandbox for running GNU/Linux programs with minimum privileges. It is suitable for running both command line and GUI programs. It can dynamically grant Gtk-based GUI applications access rights to individual files that you want to open or edit. This happens transparently through the Open/Save file chooser dialog box, by replacing GtkFileChooserDialog. Plash virtualizes the file namespace and provides per-process/per-sandbox namespaces. It can grant processes read-only or read-write access to specific files and directories, mapped at any point in the filesystem namespace. It does not require modifications to the Linux kernel.
ROPE is an open-ended iptables match module that allows rules to be written using a simple but powerful scripting language. It is designed for controlling complex high-level protocols that cannot be blocked using traditional criteria based on port numbers (etc.). Criteria can include tests on any field of the IP, UDP, or TCP headers as well as the packet data payload.