seccomp
There are 126 repositories under seccomp topic.
syscall_limiter
Start Linux programs with only selected syscalls enabled (libseccomp-based)
xinetd-kafel
xinetd-kafel is a more secure replacement for xinetd with secure computing (seccomp, only work on linux)
runjail
ad-hoc sandboxes on Linux
torjail
:lock: download, verify & run torbrowser in a sandbox
container-from-scratch-in-c
A container engine from scratch in C language, without any LXC or Docker
exile.h
Painless Linux sandboxing API
force-bind-seccomp
force-bind with seccomp-bpf notifications
nim-seccomp
Seccomp (libseccomp2) adapter for the Nim language
seccomp-sys
low-level bindings to libseccomp
disable_sendfile_vbox_linux
Go VirtualBox vboxsf sendfile bug workaround
antijack
:ninja: seccomp-based anti-TTY-hijacking proof-of-concept (prevents TIOCSTI and TIOCLINUX)
ld-so-daemon
Dynamic loading with privilege separation
strace2seccomp
strace2seccomp - generates libseccomp policies from strace logs
runcron
simple, safe, container-friendly cron alternative
zenroomjs
zenroomjs :accept: provides a javascript wrapper of zenroom, a secure and small virtual machine for crypto language processing
syscalls
Merged to firejail; Find syscalls of executables for seccomp-bpf sandbox policies.
dockersecurity-quickreference
:books: :whale: For DevOps Engineers :whale: :books:
segment-sandbox
The sandbox for segment-judger using linux namespace, cgroup and seccomp
pwndocker
Docker tools for CTF pwning 👩🏻💻👨🏻💻🚩
totp.c
simple, standalone TOTP without dependencies
zenroom-py
:snake: Python facilitation wrapper to embed :lock: Zenroom
natisand
Native code sandboxing for JavaScript runtimes
sredird
RFC 2217 network serial port redirector
blog
PRoot Developer Blog
dockergate
Automated Seccomp policy generation for docker images
pdf-preview
This is a sandboxed PDF viewer for Linux. It transforms PDF into SVG (serialized in JSON).
node-seccomp
Low level libseccomp bindings for Node.js
unshare-fun
Experiments with unshare
sandbox
A sandbox capable of executing untrusted applications with restrictions
trep
Selectively stream stdin to stdout/stderr based on regular expressions
seccomp-pledge
seccomp-BPF filtering and pledge/unveil sandboxing for Linux
yaoj-judger
Judger for the future yaoj
secco
:shield: auto-generate seccomp profiles for Kubernetes
scmp-confine
Simple CLI wrapper for libseccomp library written in Go.
mini-sandbox
A simple sandbox for compiling and running C, C++, or Java programs using seccomp.
docker-caps
A Falco based project that help me/you to add a better understanding of security in docker and Linux capabilities