
Compartment was designed to allow safe execution of privileged and/or untrusted executables and services. It can execute a process:

- setting specific Linux capabilities
- chrooting it to a certain location
- setting the user or group it will run with
- running a program before it is executed

These features can be used to minimize the risk of a trojanized or vulnerable program/service.