Restrict port access per application

I'm currently working on a platform that will allow other users to run their applications on my platform. However, we need to be able to restrict such an application in terms of RAM, CPU usage and network usage, but also the ports the user can bind to. PHP has the ability to allow or disallow fopen to remote URLs (or the use of sockets); however, I want to be able to restrict an application to a specific port range, so that we can allow users to use sockets without actually giving them the ability to bind to any port.

It'd be nice to have a solution that works on both Windows and Linux hosts; however, Linux is the main focus here. I've read up on Docker, but I'm not entirely sure if or how this will allow me to restrict a port range to a specific application.

I'm currently aiming to run NodeJS applications, but in theory it should allow anything to be run.

Ruben Rutten

Posted 2015-06-26T21:24:10.673

Reputation: 173

Similar discussion here: link. In short, run the application as a different user, then use iptables -m owner --uid-owner or --gid-owner to match and restrict it.

– Eric Leung – 2015-06-28T03:27:27.773

No answers
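A concrete form of the comment's suggestion, added here as an example (it is not part of the question or the comment). It assumes the tenant's application runs as a dedicated Unix user, here the placeholder `tenant1`, and may only serve TCP on the placeholder range 30000-30100. Two points a practitioner should keep in mind: iptables' owner match only works in the OUTPUT chain, so these rules cannot stop the process from calling bind(); they make any TCP listener outside the range unreachable by dropping its SYN-ACK replies, while leaving the tenant's own outbound client connections untouched. UDP listeners are not covered, since UDP has no handshake to distinguish a server from a client. The script prints the rules first (DRY_RUN=1 is the default) so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: per-user TCP port restriction with iptables' owner match.
# Assumptions (placeholders, not from the original page): the tenant's
# application runs as Unix user "tenant1" and may serve TCP only on ports
# 30000-30100. The owner match exists only in the OUTPUT chain, so this
# cannot block bind() itself; it drops SYN-ACK replies from listeners
# outside the range, which makes them unreachable.
set -eu

# Validate a port number (1-65535); returns non-zero otherwise.
is_port() {
  case $1 in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the iptables commands for one tenant, one per line, so they can be
# reviewed (or diffed against the running ruleset) before being applied.
tenant_port_rules() {
  user=$1; lo=$2; hi=$3
  if ! is_port "$lo" || ! is_port "$hi" || [ "$lo" -gt "$hi" ]; then
    echo "invalid port range: $lo-$hi" >&2
    return 1
  fi
  chain="${user}_ports"   # iptables chain names are limited to 28 characters
  cat <<EOF
iptables -N $chain
iptables -A OUTPUT -m owner --uid-owner $user -j $chain
iptables -A $chain -p tcp --tcp-flags SYN,ACK SYN,ACK --sport $lo:$hi -j ACCEPT
iptables -A $chain -p tcp --tcp-flags SYN,ACK SYN,ACK -j DROP
iptables -A $chain -j RETURN
EOF
}

# Apply the rules (needs root). With DRY_RUN=1 (the default) they are only echoed.
apply_tenant_port_rules() {
  tenant_port_rules "$@" | while IFS= read -r cmd; do
    echo "+ $cmd"
    if [ "${DRY_RUN:-1}" != 1 ]; then
      $cmd   # word splitting is intended: each line is one complete command
    fi
  done
}

apply_tenant_port_rules tenant1 30000 30100
```

Only packets with both SYN and ACK set are inspected, which is exactly what a listening socket sends when it accepts a connection; a client socket owned by the same user sends a plain SYN and is left alone, so the tenant keeps outbound socket access while being unable to serve on any port outside the range. Run with `DRY_RUN=0` as root to install the rules; a group-based variant uses `--gid-owner` in the same position.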