Simple Linux seccomp rules without writing any code
☆518Jul 2, 2025Updated 7 months ago
Alternatives and similar repositories for sandbox
Users that are interested in sandbox are comparing it to the libraries listed below
Sorting:
- sandboxing and containment tool used in ChromeOS and Android☆361Updated this week
- A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kaf…☆3,734Updated this week
- The main libseccomp repository☆899Jan 8, 2026Updated last month
- A fair-share ratelimiter implemented in BPF☆206Sep 26, 2024Updated last year
- Low-level unprivileged sandboxing tool used by Flatpak and similar projects☆5,905Feb 4, 2026Updated 3 weeks ago
- An execution engine for Wireshark-like filters☆1,092Feb 19, 2026Updated last week
- Linux namespaces and seccomp-bpf sandbox☆7,100Updated this week
- A language and library for specifying syscall filtering policies.☆345Nov 22, 2025Updated 3 months ago
- Programmable debugger☆2,028Feb 20, 2026Updated last week
- Certified Refurbished Private Key Depot☆12Oct 17, 2019Updated 6 years ago
- Rustic X11 games☆16Jan 15, 2026Updated last month
- A Virtual Machine Monitor for modern Cloud workloads. Features include CPU, memory and device hotplug, support for running Windows and Li…☆5,323Updated this week
- Userspace WireGuard® Implementation in Rust☆6,915Jan 22, 2026Updated last month
- Authoritative CoreDNS on Fly.io☆15May 31, 2021Updated 4 years ago
- Easier tracing of packets through iptables☆35Jun 24, 2025Updated 8 months ago
- Wrangling Untrusted File Formats Safely☆4,708Feb 9, 2026Updated 2 weeks ago
- Fly☆297Apr 11, 2024Updated last year
- serf + headless chromium && CDP☆15Jan 8, 2021Updated 5 years ago
- Linux Application Level Firewall based on eBPF and NFQUEUE.☆705Nov 5, 2023Updated 2 years ago
- Application Kernel for Containers☆17,777Updated this week
- Linux Runtime Security and Forensics using eBPF☆4,388Feb 18, 2026Updated last week
- A dynamic library providing Virtualization-based process isolation capabilities☆1,678Feb 19, 2026Updated last week
- A sentry for zero-hit TLS certificate changes in Go☆56Jul 27, 2025Updated 7 months ago
- BSD socket API on steroids☆323Sep 27, 2024Updated last year
- Ignite a Firecracker microVM☆3,528Dec 7, 2023Updated 2 years ago
- Record and Replay Framework☆10,393Updated this week
- Offline encryption of Kubernetes Secrets☆182Oct 14, 2024Updated last year
- Prepared statement support for the system command☆29Jul 25, 2020Updated 5 years ago
- Luajit take full advantage of lower 2G memory on AMD64 platform.☆36Oct 16, 2024Updated last year
- Prometheus exporter for custom eBPF metrics☆2,518Feb 9, 2026Updated 2 weeks ago
- BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more☆22,250Updated this week
- UtahFS is an encrypted storage system that provides a user-friendly FUSE drive backed by cloud storage.☆820Sep 26, 2024Updated last year
- bpflock - eBPF driven security for locking and auditing Linux machines☆151Feb 16, 2022Updated 4 years ago
- cBPF to C or eBPF compiler☆212Feb 19, 2026Updated last week
- Create microVMs from OCI images☆1,616Feb 9, 2026Updated 2 weeks ago
- CoreBGP is a BGP library written in Go that implements the BGP FSM with an event-driven, pluggable model.☆179Jul 15, 2024Updated last year
- firecracker-containerd enables containerd to manage containers as Firecracker microVMs☆2,676Feb 10, 2026Updated 2 weeks ago
- OCI hook to trace syscalls and generate a seccomp profile☆338Feb 12, 2026Updated 2 weeks ago
- Secure and fast microVMs for serverless computing.☆32,675Updated this week