google / nsjailLinks
A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
☆3,233Updated 3 weeks ago
Alternatives and similar repositories for nsjail
Users that are interested in nsjail are comparing it to the libraries listed below
Sorting:
- Low-level unprivileged sandboxing tool used by Flatpak and similar projects☆4,331Updated 7 months ago
- Fully static, unprivileged, self-contained, containers as executable binaries.☆2,520Updated 6 years ago
- syzkaller is an unsupervised coverage-guided kernel fuzzer☆5,681Updated this week
- A fast and lightweight fully featured OCI runtime and C library for running containers☆3,353Updated this week
- High-level tracing language for Linux☆9,239Updated this week
- The main libseccomp repository☆853Updated 3 weeks ago
- weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interestin…☆2,400Updated 10 months ago
- A foreign function interface for bash.☆2,134Updated 11 months ago
- A userspace out-of-memory killer☆1,941Updated 3 weeks ago
- Wrangling Untrusted File Formats Safely☆4,523Updated last week
- unfork(2) is the inverse of fork(2). sort of.☆1,475Updated last year
- Userspace WireGuard® Implementation in Rust☆6,398Updated last week
- Application Kernel for Containers☆16,498Updated this week
- Browser-based frontend to gdb (gnu debugger). Add breakpoints, view the stack, visualize data structures, and more in C, C++, Go, Rust, a…☆10,079Updated last year
- like ~~grep~~ UBER, but for binaries☆1,732Updated 2 years ago
- Linux system exploration and troubleshooting tool with first class support for containers☆8,000Updated 2 months ago
- Simple Linux seccomp rules without writing any code☆483Updated 8 months ago
- Ignite a Firecracker microVM☆3,497Updated last year
- Embeddable, replicated and fault-tolerant SQL engine.☆4,036Updated this week
- Content-Addressable Data Synchronization Tool☆1,521Updated last year
- router7 is a small home internet router completely written in Go. It is implemented as a gokrazy appliance.☆2,712Updated last month
- firecracker-containerd enables containerd to manage containers as Firecracker microVMs☆2,369Updated last month
- A high performance layer 4 load balancer☆4,952Updated this week
- BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more☆21,409Updated this week
- Record and Replay Framework☆9,859Updated this week
- A language and library for specifying syscall filtering policies.☆319Updated 10 months ago
- Checkpoint/Restore tool☆3,237Updated last week
- Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)☆3,188Updated last week
- Linux-native "fake root" for implementing rootless containers☆1,080Updated 3 weeks ago
- A hacky debugger UI for hackers☆6,261Updated 4 months ago