google / nsjailLinks
A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
☆3,499Updated this week
Alternatives and similar repositories for nsjail
Users that are interested in nsjail are comparing it to the libraries listed below
Sorting:
- Low-level unprivileged sandboxing tool used by Flatpak and similar projects☆4,724Updated 2 months ago
- Linux system exploration and troubleshooting tool with first class support for containers☆8,108Updated 6 months ago
- A Virtual Machine Monitor for modern Cloud workloads. Features include CPU, memory and device hotplug, support for running Windows and Li…☆4,839Updated this week
- A kernel designed to run one and only one application in a virtualized environment☆2,980Updated 3 weeks ago
- High-performance regular expression matching library☆5,141Updated 6 months ago
- Fully static, unprivileged, self-contained, containers as executable binaries.☆2,517Updated 6 years ago
- syzkaller is an unsupervised coverage-guided kernel fuzzer☆5,833Updated this week
- High-level tracing language for Linux☆9,644Updated last week
- Generate sandboxes for C/C++ libraries automatically☆1,715Updated last week
- Simple Linux seccomp rules without writing any code☆505Updated 3 months ago
- A foreign function interface for bash.☆2,147Updated last year
- The main libseccomp repository☆873Updated last month
- Ignite a Firecracker microVM☆3,515Updated last year
- Fast, indexed regexp search over large file trees☆3,864Updated 4 months ago
- A high performance layer 4 load balancer☆5,051Updated this week
- Checkpoint/Restore tool☆3,409Updated last week
- firecracker-containerd enables containerd to manage containers as Firecracker microVMs☆2,514Updated last month
- Record and Replay Framework☆10,144Updated this week
- Application Kernel for Containers☆17,023Updated this week
- Wrangling Untrusted File Formats Safely☆4,623Updated 2 months ago
- Programmable debugger☆1,928Updated this week
- The Unikernel & MicroVM Compilation and Deployment Platform☆2,775Updated 2 years ago
- A userspace out-of-memory killer☆1,973Updated last week
- Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)☆3,259Updated 3 weeks ago
- Embeddable, replicated and fault-tolerant SQL engine.☆4,187Updated last week
- A fast and lightweight fully featured OCI runtime and C library for running containers☆3,585Updated this week
- unfork(2) is the inverse of fork(2). sort of.☆1,477Updated last year
- A curated list of awesome projects related to eBPF.☆4,772Updated 3 weeks ago
- Interactively grep source code. Source for http://livegrep.com/☆2,141Updated last month
- Painless relocation of Linux binaries–and all of their dependencies–without containers.☆3,002Updated last year