seccomp

There are 126 repositories under seccomp topic.

  • syscall_limiter

    Start Linux programs with only selected syscalls enabled (libseccomp-based)

    Language:C23

  • xinetd-kafel

    xinetd-kafel is a more secure replacement for xinetd with secure computing (seccomp, only work on linux)

    Language:C19

  • runjail

    ad-hoc sandboxes on Linux

    Language:Go16

  • torjail

    :lock: download, verify & run torbrowser in a sandbox

    Language:Shell15

  • container-from-scratch-in-c

    A container engine from scratch in C language, without any LXC or Docker

    Language:C14

  • exile.h

    Painless Linux sandboxing API

    Language:C14

  • force-bind-seccomp

    force-bind with seccomp-bpf notifications

    Language:C12

  • nim-seccomp

    Seccomp (libseccomp2) adapter for the Nim language

    Language:Nim12

  • seccomp-sys

    low-level bindings to libseccomp

    Language:Rust11

  • disable_sendfile_vbox_linux

    Go VirtualBox vboxsf sendfile bug workaround

    Language:Go11

  • antijack

    :ninja: seccomp-based anti-TTY-hijacking proof-of-concept (prevents TIOCSTI and TIOCLINUX)

    Language:C10

  • ld-so-daemon

    Dynamic loading with privilege separation

    Language:C10

  • strace2seccomp

    strace2seccomp - generates libseccomp policies from strace logs

    Language:C++10

  • runcron

    simple, safe, container-friendly cron alternative

    Language:C8

  • zenroomjs

    zenroomjs :accept: provides a javascript wrapper of zenroom, a secure and small virtual machine for crypto language processing

    Language:JavaScript8

  • syscalls

    Merged to firejail; Find syscalls of executables for seccomp-bpf sandbox policies.

    Language:Shell8

  • dockersecurity-quickreference

    :books: :whale: For DevOps Engineers :whale: :books:

    8

  • segment-sandbox

    The sandbox for segment-judger using linux namespace, cgroup and seccomp

    Language:C++7

  • pwndocker

    Docker tools for CTF pwning 👩🏻‍💻👨🏻‍💻🚩

    Language:Shell7

  • totp.c

    simple, standalone TOTP without dependencies

    Language:C7

  • zenroom-py

    :snake: Python facilitation wrapper to embed :lock: Zenroom

    Language:Python7

  • natisand

    Native code sandboxing for JavaScript runtimes

    Language:Rust6

  • sredird

    RFC 2217 network serial port redirector

    Language:C6

  • blog

    PRoot Developer Blog

    6

  • dockergate

    Automated Seccomp policy generation for docker images

    Language:Roff6

  • pdf-preview

    This is a sandboxed PDF viewer for Linux. It transforms PDF into SVG (serialized in JSON).

    Language:C6

  • node-seccomp

    Low level libseccomp bindings for Node.js

    Language:C++5

  • unshare-fun

    Experiments with unshare

    Language:Python5

  • sandbox

    A sandbox capable of executing untrusted applications with restrictions

    Language:C5

  • trep

    Selectively stream stdin to stdout/stderr based on regular expressions

    Language:C5

  • seccomp-pledge

    seccomp-BPF filtering and pledge/unveil sandboxing for Linux

    Language:Rust4

  • yaoj-judger

    Judger for the future yaoj

    Language:C4

  • secco

    :shield: auto-generate seccomp profiles for Kubernetes

    Language:Go4

  • scmp-confine

    Simple CLI wrapper for libseccomp library written in Go.

    Language:Go4

  • mini-sandbox

    A simple sandbox for compiling and running C, C++, or Java programs using seccomp.

    Language:C4

  • docker-caps

    A Falco based project that help me/you to add a better understanding of security in docker and Linux capabilities

    Language:C++4