Depending on application requirements, other packaging technologies for consideration include:
Choosing a restricted shell for login of a captive user, such as rbash, instead of /bin/sh (for example, see http://en.wikipedia.org/wiki/Restricted_shell).
Setting up a chroot environment for an application used by captive users (for example, see http://en.wikipedia.org/wiki/Chroot).
Using TCP wrappers to filter incoming requests (for example, see http://www.360is.com/03-tcpwrappers.htm).
Configuring mandatory access controls, such as SELinux (for example, http://opensource.com/business/13/11/selinux-policy-guide).
