GitHub topics: seccomp
sandstorm-io/sandstorm
Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.
Language: JavaScript - Size: 19.3 MB - Last synced at: about 22 hours ago - Pushed at: 3 months ago - Stars: 6,936 - Forks: 715

msantos/prx
an Erlang library for interacting with Unix processes
Language: Erlang - Size: 604 KB - Last synced at: 1 day ago - Pushed at: 1 day ago - Stars: 36 - Forks: 6

queelius/sandrun
Anonymous, ephemeral, sandboxed code execution service. Secure isolation with Linux namespaces, seccomp-BPF, and resource limits. No accounts, no tracking, auto-deletes.
Language: C++ - Size: 91.8 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 1 - Forks: 0

Ghostlock-AI/capsule
Agent Security Runtime
Language: Rust - Size: 4.1 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 14 - Forks: 1

kubernetes-sigs/security-profiles-operator
The Kubernetes Security Profiles Operator
Language: C - Size: 76.8 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 779 - Forks: 123

msantos/alcove
Control plane for system processes
Language: C - Size: 1.58 MB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 48 - Forks: 2

slimtoolkit/slim
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Language: Go - Size: 77.3 MB - Last synced at: 6 days ago - Pushed at: 9 days ago - Stars: 22,086 - Forks: 785

seccomp/libseccomp
The main libseccomp repository
Language: C - Size: 1.87 MB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 870 - Forks: 182

Synarcs/DNSObelisk
Advanced kernel-native security framework to disrupt and prevent DNS-based breaches including C2 channels and tunneling with zero data loss. Combines TC, Netfilter, raw socket interception, BPF maps, and ring buffers, runs entirely on eBPF in the Linux kernel. Integrates with deep learning for advanced intelligent EDR
Language: Go - Size: 1.82 GB - Last synced at: 8 days ago - Pushed at: 8 days ago - Stars: 30 - Forks: 1

rust-vmm/seccompiler
Provides easy-to-use Linux seccomp-bpf jailing.
Language: Rust - Size: 240 KB - Last synced at: 5 days ago - Pushed at: 6 days ago - Stars: 96 - Forks: 16

david942j/seccomp-tools
Provide powerful tools for seccomp analysis
Language: Ruby - Size: 2.72 MB - Last synced at: 8 days ago - Pushed at: 10 days ago - Stars: 1,055 - Forks: 70

elastic/go-seccomp-bpf
Go library for installing a seccomp BPF system call filter.
Language: Go - Size: 159 KB - Last synced at: 7 days ago - Pushed at: 10 days ago - Stars: 89 - Forks: 21

discue/go-syscall-gatekeeper-cli
Language: Go - Size: 2.14 MB - Last synced at: 11 days ago - Pushed at: 11 days ago - Stars: 1 - Forks: 0

mintoolkit/mint
minT(oolkit): Mint awesome, secure and production ready containers just the way you need them! Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Language: Go - Size: 88.7 MB - Last synced at: 16 days ago - Pushed at: 16 days ago - Stars: 286 - Forks: 17

walidshaari/Certified-Kubernetes-Security-Specialist
Curated resources to help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues or making a pull request. All feedback for improvements is welcome. Thank you.
Language: AGS Script - Size: 150 KB - Last synced at: 8 days ago - Pushed at: 2 months ago - Stars: 2,074 - Forks: 558

hartwork/antijack
🥷 seccomp-based anti-TTY-hijacking proof-of-concept (prevents TIOCSTI and TIOCLINUX)
Language: C - Size: 78.1 KB - Last synced at: 19 days ago - Pushed at: 19 days ago - Stars: 11 - Forks: 0

souk4711/hakoniwa
Process isolation for Linux using namespaces, resource limits, landlock and seccomp.
Language: Rust - Size: 12.4 MB - Last synced at: 24 days ago - Pushed at: 24 days ago - Stars: 35 - Forks: 5

avilum/secimport
The first open-source eBPF sandbox for Python (macOS/Linux): Secure libraries, block RCE, and enforce precise syscall control. Dive into module & package-level security now.
Language: Python - Size: 349 KB - Last synced at: 6 days ago - Pushed at: 19 days ago - Stars: 221 - Forks: 17

seccomp/libseccomp-golang
The libseccomp golang bindings repository
Language: Go - Size: 148 KB - Last synced at: 16 days ago - Pushed at: about 1 month ago - Stars: 291 - Forks: 59

bytedance/vArmor
vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.
Language: Go - Size: 70.7 MB - Last synced at: 26 days ago - Pushed at: 26 days ago - Stars: 385 - Forks: 43

Sebasteuo/autoseccomp-gen
Trace-driven Seccomp profile generator and validator for Docker
Language: Python - Size: 10.5 MB - Last synced at: 29 days ago - Pushed at: 29 days ago - Stars: 0 - Forks: 0

antitree/keyctl-unmask
Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.
Language: Go - Size: 9.91 MB - Last synced at: 20 days ago - Pushed at: about 1 month ago - Stars: 44 - Forks: 3

alegrey91/harpoon
🔍 Seccomp profiling and function-level tracing tool.
Language: C - Size: 1.2 MB - Last synced at: 22 days ago - Pushed at: 3 months ago - Stars: 158 - Forks: 10

NishizukaKoichi/magicrune-policy-runner
AI Assistant Integration Zero Trust Execution Runtime - Secure command execution with multi-signature verification, advanced Linux sandboxing (namespaces, seccomp, landlock), and comprehensive auditing
Language: Rust - Size: 50.8 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

grantseltzer/karn
Simplifying Seccomp enforcement in containerized or non-containerized apps
Language: Go - Size: 3.49 MB - Last synced at: 24 days ago - Pushed at: almost 5 years ago - Stars: 112 - Forks: 13

libseccomp-rs/libseccomp-rs
Rust Language Bindings for the libseccomp Library
Language: Rust - Size: 382 KB - Last synced at: 6 days ago - Pushed at: 5 months ago - Stars: 39 - Forks: 13

emiluaorg/fekal
Seccomp policy language
Language: C++ - Size: 110 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 1 - Forks: 0

healeycodes/untrusted-python
📦 Run untrusted python code on the server.
Language: TypeScript - Size: 213 KB - Last synced at: 3 months ago - Pushed at: about 2 years ago - Stars: 43 - Forks: 2

debfx/runjail
ad-hoc sandboxes on Linux
Language: Go - Size: 201 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 18 - Forks: 2

kkernick/sb
Sandbox Applications
Language: HTML - Size: 1.43 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

moabukar/CKS-Exercises-Certified-Kubernetes-Security-Specialist
A set of curated exercises to help you prepare for the CKS exam
Language: Shell - Size: 178 KB - Last synced at: 3 months ago - Pushed at: about 3 years ago - Stars: 261 - Forks: 168

konkitoman/secure-run
Run a program more securely or see what files a program tries to access.
Language: Zig - Size: 39.1 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 0 - Forks: 0

taoky/greenhook
A seccomp-unotify-based syscall hook library for Linux
Language: Rust - Size: 1.06 MB - Last synced at: 6 days ago - Pushed at: almost 2 years ago - Stars: 7 - Forks: 0

rtthw/ptrace-idea
A pseudo-runtime made with just ptrace and seccomp, in Rust.
Language: Rust - Size: 46.9 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 0 - Forks: 0

namecoin/sockstrace
Go port of Heteronculous (ptrace-based proxy leak detector). Outreachy project. Currently undergoing a rewrite!
Language: Go - Size: 1.16 MB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 8 - Forks: 4

genuinetools/contained.af
A stupid game for learning about containers, capabilities, and syscalls.
Language: JavaScript - Size: 17.5 MB - Last synced at: 4 months ago - Pushed at: over 2 years ago - Stars: 900 - Forks: 60

pjbgf-archives/zaz 📦
A command line tool to automatically generate seccomp profiles.
Language: Go - Size: 2.16 MB - Last synced at: 15 days ago - Pushed at: over 4 years ago - Stars: 26 - Forks: 4

bnbdr/ida-bpf-processor
BPF Processor for IDA Python
Language: Python - Size: 37.1 KB - Last synced at: 4 months ago - Pushed at: about 7 years ago - Stars: 52 - Forks: 7

SubconsciousCompute/seccomp-pledge
seccomp-BPF filtering and pledge/unveil sandboxing for Linux
Language: Rust - Size: 10.6 MB - Last synced at: 4 months ago - Pushed at: over 2 years ago - Stars: 8 - Forks: 4

lazypoline/lazypoline
The lazypoline syscall interposer
Language: C++ - Size: 59.6 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 24 - Forks: 3

xfernando/go2seccomp
Generate seccomp profiles from go binaries
Language: Go - Size: 32.2 KB - Last synced at: 4 months ago - Pushed at: over 7 years ago - Stars: 135 - Forks: 11

msantos/tscat
Timestamp stdin to stdout/stderr
Language: C - Size: 69.3 KB - Last synced at: 2 months ago - Pushed at: 5 months ago - Stars: 2 - Forks: 0

msantos/xmppipe
stdio over XMPP
Language: C - Size: 288 KB - Last synced at: 4 months ago - Pushed at: 5 months ago - Stars: 25 - Forks: 1

antitree/syscall2seccomp
Build custom Docker seccomp profiles for containers by finding syscalls it uses.
Language: Python - Size: 63.5 KB - Last synced at: 20 days ago - Pushed at: about 5 years ago - Stars: 90 - Forks: 11

giuseppe/easyseccomp
DSL language to write seccomp filters
Language: C - Size: 164 KB - Last synced at: 2 days ago - Pushed at: over 1 year ago - Stars: 37 - Forks: 2

msantos/runcron
simple, safe, container-friendly cron alternative
Language: C - Size: 103 KB - Last synced at: 4 months ago - Pushed at: 7 months ago - Stars: 10 - Forks: 1

msantos/trep
Selectively stream stdin to stdout/stderr based on regular expressions
Language: C - Size: 123 KB - Last synced at: 4 months ago - Pushed at: 8 months ago - Stars: 6 - Forks: 1

msantos/prv
pressure relief valve for Unix process pipelines
Language: C - Size: 31.3 KB - Last synced at: about 1 month ago - Pushed at: 6 months ago - Stars: 2 - Forks: 0

msantos/sredird
RFC 2217 network serial port redirector
Language: C - Size: 108 KB - Last synced at: 3 months ago - Pushed at: 5 months ago - Stars: 6 - Forks: 2

proot-me/proot-rs
Rust implementation of PRoot, a ptrace-based sandbox
Language: Rust - Size: 500 KB - Last synced at: 5 months ago - Pushed at: over 2 years ago - Stars: 139 - Forks: 20

mikonoid/CKS-exam-cheat-sheets
Preparation for CKS exam
Size: 159 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0

Archguardian-io/Kubernetes-AppArmor-Profiles
AppArmor and Seccomp profiles for K8S images
Language: Scala - Size: 40 KB - Last synced at: 5 months ago - Pushed at: 9 months ago - Stars: 24 - Forks: 0

nankeen/pwndocker
Docker tools for CTF pwning 👩🏻💻👨🏻💻🚩
Language: Shell - Size: 2.63 MB - Last synced at: about 2 months ago - Pushed at: 12 months ago - Stars: 8 - Forks: 0

proot-me/blog
PRoot Developer Blog
Size: 937 KB - Last synced at: 3 months ago - Pushed at: over 2 years ago - Stars: 9 - Forks: 2

robertmin1/seccomp_unotify
A Golang-based syscall interception tool using Seccomp Notify as an alternative to ptrace
Language: Go - Size: 3.91 KB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 0 - Forks: 0

msantos/totp.c
simple, standalone TOTP without dependencies
Language: C - Size: 43 KB - Last synced at: 4 months ago - Pushed at: 7 months ago - Stars: 8 - Forks: 1

Archguardian-io/Docker-AppArmor-Profiles
AppArmor and Seccomp profiles for Docker images
Language: Scala - Size: 200 KB - Last synced at: 6 months ago - Pushed at: 9 months ago - Stars: 13 - Forks: 2

msantos/collectd-prv
stdout to collectd notification
Language: C - Size: 84 KB - Last synced at: 5 months ago - Pushed at: 6 months ago - Stars: 1 - Forks: 2

orivej/fptrace
Record process launches and files read and written by each process
Language: Go - Size: 68.4 KB - Last synced at: 5 months ago - Pushed at: 9 months ago - Stars: 60 - Forks: 6

msantos/nonetexec
nonetexec: prevent an exec(3)'ed command from opening new sockets
Language: C - Size: 16.6 KB - Last synced at: 5 months ago - Pushed at: 7 months ago - Stars: 0 - Forks: 0

utoni/potd 📦
A highly scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.
Language: C - Size: 280 KB - Last synced at: 7 days ago - Pushed at: about 5 years ago - Stars: 30 - Forks: 5

msantos/pseudocron
sleep(1) using a cron expression
Language: C - Size: 57.6 KB - Last synced at: 5 months ago - Pushed at: 7 months ago - Stars: 3 - Forks: 0

blacktop/seccomp-gen
Docker Secure Computing Profile Generator
Language: Go - Size: 52.7 KB - Last synced at: 23 days ago - Pushed at: almost 4 years ago - Stars: 48 - Forks: 5

robertmin1/strace
Simple demonstration of tracing processes in Go using `ptrace` and `seccomp`
Language: Go - Size: 3.91 KB - Last synced at: 7 months ago - Pushed at: 7 months ago - Stars: 0 - Forks: 0

FedericoCeratto/nim-seccomp
Seccomp (libseccomp2) adapter for the Nim language
Language: Nim - Size: 49.8 KB - Last synced at: 5 months ago - Pushed at: about 4 years ago - Stars: 11 - Forks: 1

frazenshtein/optrace
optrace records output files written by each process and accumulates total written data size
Language: C++ - Size: 111 KB - Last synced at: 8 months ago - Pushed at: 8 months ago - Stars: 1 - Forks: 1

msantos/stdio
Reliably reap, restrict and isolate system tasks: Stdio is a control plane for processes
Language: Elixir - Size: 232 KB - Last synced at: 4 months ago - Pushed at: about 1 year ago - Stars: 7 - Forks: 0

kpcyrd/syscallz-rs
Simple seccomp library for rust
Language: Rust - Size: 90.8 KB - Last synced at: 17 days ago - Pushed at: almost 2 years ago - Stars: 22 - Forks: 8

huxulm/k8s-simulator
CKA,CKS Simulator Questions (k8s v1.31)
Language: HTML - Size: 521 KB - Last synced at: 4 months ago - Pushed at: 8 months ago - Stars: 0 - Forks: 0

binarymist/dockersecurity-quickreference
📚 🐳 For DevOps Engineers 🐳 📚
Size: 1.35 MB - Last synced at: 4 months ago - Pushed at: over 6 years ago - Stars: 9 - Forks: 3

msantos/hexlog
Hexdump stdin and/or stdout to stderr
Language: C - Size: 104 KB - Last synced at: 2 months ago - Pushed at: 9 months ago - Stars: 1 - Forks: 0

schnatterer/cks-short-tips
Five short tips for passing the CKS exam (Certified Kubernetes Security Specialist)
Size: 7.81 KB - Last synced at: 3 months ago - Pushed at: over 1 year ago - Stars: 3 - Forks: 0

brynet/file
A portable version of OpenBSD's privsep/sandboxed file(1) utility
Language: C - Size: 1.06 MB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 25 - Forks: 5

equk/torjail
🔒 download, verify & run torbrowser in a sandbox
Language: Shell - Size: 195 KB - Last synced at: 5 months ago - Pushed at: over 1 year ago - Stars: 18 - Forks: 6

foxcpp/scmp-confine
Simple CLI wrapper for libseccomp library written in Go.
Language: Go - Size: 6.84 KB - Last synced at: 2 months ago - Pushed at: over 5 years ago - Stars: 3 - Forks: 0

peterjin-org/go2libc
Make LD_PRELOAD libraries work with Go applications (and other apps that make direct syscalls)
Language: C - Size: 3.91 KB - Last synced at: 6 months ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

msantos/libnoexec
Prevent dynamically linked executables from calling exec(3)
Language: C - Size: 4.88 KB - Last synced at: 5 months ago - Pushed at: over 2 years ago - Stars: 2 - Forks: 0

msantos/genlb-ptrace
connect(2) load balancer for Unix processes
Language: C - Size: 23.4 KB - Last synced at: 5 months ago - Pushed at: almost 4 years ago - Stars: 1 - Forks: 0

xSavitar/docker-seccomp-filters 📦
[WIP] Testing Seccomp profile with Docker.
Size: 2.93 KB - Last synced at: 10 months ago - Pushed at: almost 7 years ago - Stars: 2 - Forks: 0

topimiettinen/ld-so-daemon
Dynamic loading with privilege separation
Language: C - Size: 172 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 10 - Forks: 2

omri86/go-seccomp
Implementing seccomp filters for Go binaries
Language: Go - Size: 2.93 KB - Last synced at: over 2 years ago - Pushed at: about 5 years ago - Stars: 0 - Forks: 0

roryrjb/node-seccomp 📦
Low level libseccomp bindings for Node.js
Language: C++ - Size: 36.1 KB - Last synced at: 6 days ago - Pushed at: almost 4 years ago - Stars: 5 - Forks: 2

html-extract/hext-on-websockets
Websocket Server for Hext. Hext is a domain-specific language for extracting structured data from HTML documents.
Language: C++ - Size: 38.1 KB - Last synced at: about 2 months ago - Pushed at: over 1 year ago - Stars: 3 - Forks: 1

appvia/auditd-container
Simple alpine image with auditd, intended to be used in combination with docker-desktop kubernetes to allow building seccomp profiles with the kubernetes-sigs/security-profiles-operator
Language: Dockerfile - Size: 40 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 2 - Forks: 0

quitesimpleorg/exile.h
Painless Linux sandboxing API
Language: C - Size: 243 KB - Last synced at: 9 months ago - Pushed at: over 1 year ago - Stars: 14 - Forks: 0

TamimEhsan/Simple-Sandbox
A simple sandbox to practice linux security primitives
Language: C++ - Size: 10.7 KB - Last synced at: 6 months ago - Pushed at: over 1 year ago - Stars: 2 - Forks: 0

appvia/security-profiles-operator-demo 📦
How to use the new Security Profiles Operator
Language: Shell - Size: 862 KB - Last synced at: over 1 year ago - Pushed at: over 3 years ago - Stars: 3 - Forks: 0

chussenot/docker-caps
A Falco-based project that helps me/you to add a better understanding of security in docker and Linux capabilities
Language: C++ - Size: 2.85 MB - Last synced at: over 1 year ago - Pushed at: about 7 years ago - Stars: 4 - Forks: 0

kinvolk/seccompagent
agent for handling seccomp descriptors for container runtimes
Language: Go - Size: 13.6 MB - Last synced at: about 1 year ago - Pushed at: over 1 year ago - Stars: 41 - Forks: 10

giuliocomi/csplogger
A CSP endpoint to aggregate, correlate and analyze report-uri violations across your infrastructure
Language: Python - Size: 240 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 33 - Forks: 2

voidc/seccomp-notif
A PoC for using the new seccomp-notif Linux feature from Rust.
Language: Rust - Size: 6.84 KB - Last synced at: 5 months ago - Pushed at: almost 5 years ago - Stars: 2 - Forks: 0

varqox/masters_thesis 📦
Sandbox for multi-process applications for unprivileged users on Linux
Language: TeX - Size: 11.4 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 2 - Forks: 0

mildred/force-bind-seccomp
force-bind with seccomp-bpf notifications
Language: C - Size: 77.1 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 10 - Forks: 2

Douile/bwrap-scripts
Mirror of https://codeberg.org/Douile/bwrap-scripts
Language: Shell - Size: 15.6 KB - Last synced at: 7 days ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

maxerenberg/port-restricter
Restricts the port to which a process can bind
Language: C - Size: 0 Bytes - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

DECODEproject/zenroomjs 📦
zenroomjs 🉑 provides a javascript wrapper of zenroom, a secure and small virtual machine for crypto language processing
Language: JavaScript - Size: 1.91 MB - Last synced at: 15 days ago - Pushed at: almost 6 years ago - Stars: 8 - Forks: 5

sangeetasingh17/Credenz
This repository contains code for the event of Clash held during the techfest Credenz 21-22 hosted by PICT IEEE Student Branch.
Size: 21.7 MB - Last synced at: almost 2 years ago - Pushed at: over 3 years ago - Stars: 1 - Forks: 0

TomasTomecek/devconf-container-roadshow-2017 📦
My 'Advanced container deep-dive workshop at DevConf Container Roadshow 2017.
Language: Python - Size: 1.55 MB - Last synced at: 6 months ago - Pushed at: over 8 years ago - Stars: 0 - Forks: 0

SoluReal/custom-seccomp-profile-managed-k8s
Blogpost material: how to use a custom seccomp profile on a managed Kubernetes cluster
Language: Shell - Size: 5.86 KB - Last synced at: about 2 years ago - Pushed at: almost 3 years ago - Stars: 0 - Forks: 0

subodh-dharma/dockergate
Automated Seccomp policy generation for docker images
Language: Roff - Size: 14.9 MB - Last synced at: about 2 years ago - Pushed at: about 8 years ago - Stars: 6 - Forks: 0
