google/nsjail

A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.

Language: C++ - Size: 1.4 MB - Last synced at: 16 days ago - Pushed at: 24 days ago - Stars: 3,527 - Forks: 293

pymumu/jail-shell 📦

Jail-shell is a linux security tool mainly using chroot, namespaces technologies, limiting users to perform specific commands, and access sepcific directories.

Language: C - Size: 360 KB - Last synced at: 7 months ago - Pushed at: almost 3 years ago - Stars: 122 - Forks: 21

vijos/jd4

Judging daemon for programming contests

Language: Python - Size: 399 KB - Last synced at: 11 months ago - Pushed at: about 1 year ago - Stars: 96 - Forks: 30

Friz-zy/pyspaces 📦

Works with Linux namespaces througth glibc with pure python

Language: Python - Size: 85.9 KB - Last synced at: 2 months ago - Pushed at: over 7 years ago - Stars: 88 - Forks: 11

msantos/alcove

Control plane for system processes

Language: C - Size: 1.58 MB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 48 - Forks: 2

souk4711/hakoniwa

Process isolation for Linux using namespaces, resource limits, landlock and seccomp.

Language: Rust - Size: 12.4 MB - Last synced at: 12 days ago - Pushed at: 13 days ago - Stars: 45 - Forks: 6

stemjail/stemjail

StemJail: Dynamic Role Compartmentalization

Language: Rust - Size: 327 KB - Last synced at: 14 days ago - Pushed at: about 9 years ago - Stars: 44 - Forks: 0

rti/nixwrap

Easy Application Sandboxing on NixOS

Language: Nix - Size: 1.81 MB - Last synced at: 20 days ago - Pushed at: 21 days ago - Stars: 38 - Forks: 2

msantos/prx

an Erlang library for interacting with Unix processes

Language: Erlang - Size: 443 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 36 - Forks: 6

ehsaniara/joblet

Joblet is a micro-container runtime for running Linux jobs with: Process and filesystem isolation (PID namespace, chroot) Fine-grained CPU, memory, and IO throttling (cgroups v2) Secure job execution with mTLS and RBAC Built-in scheduler, SSE log streaming, and multi-core pinning Ideal for: Agentic AI Workloads (Untrusted code)

Language: Go - Size: 51.3 MB - Last synced at: 13 days ago - Pushed at: 13 days ago - Stars: 25 - Forks: 0

ivanmorenoj/how-containers-works

Understand how linux containers works with practical examples

Language: Shell - Size: 146 KB - Last synced at: 7 months ago - Pushed at: over 4 years ago - Stars: 21 - Forks: 2

rapidlua/sandals

A lightweight process isolation tool, requiring absolutely no privileges to run

Language: C - Size: 301 KB - Last synced at: 7 months ago - Pushed at: almost 6 years ago - Stars: 18 - Forks: 0

bullno1/hako

A minimal sandboxing tool

Language: C - Size: 440 KB - Last synced at: 27 days ago - Pushed at: almost 5 years ago - Stars: 13 - Forks: 0

nniro/jailTools

A GNU/Linux specific toolkit for making and managing jails which are OS level virtualization containers. Implemented using shell scripts with chroot, linux namespaces, pivot_root and embedded into busybox.

Language: Shell - Size: 835 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 11 - Forks: 1

msantos/stdio

Reliably reap, restrict and isolate system tasks: Stdio is a control plane for processes

Language: Elixir - Size: 77.1 KB - Last synced at: 15 days ago - Pushed at: 15 days ago - Stars: 7 - Forks: 0

igo95862/python-lxns

Python library to control Linux kernel namespaces

Language: Python - Size: 86.9 KB - Last synced at: about 12 hours ago - Pushed at: about 13 hours ago - Stars: 6 - Forks: 1

Samyak2/guntainer

A minimal rootless container runtime on Linux

Language: Go - Size: 50.8 KB - Last synced at: 6 months ago - Pushed at: about 4 years ago - Stars: 5 - Forks: 1

Leo1003/cjail

A chroot jail for online judge

Language: C - Size: 317 KB - Last synced at: about 1 month ago - Pushed at: about 6 years ago - Stars: 5 - Forks: 1

RX0FA/raptor-cage

Command line app that lets you play games in a restricted environment by blocking access to system and network resources. It helps enhancing your privacy and security.

Language: Rust - Size: 137 KB - Last synced at: 22 days ago - Pushed at: 24 days ago - Stars: 4 - Forks: 0

youcefguichi/samir

Minimal Container Runtime

Language: Go - Size: 12 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 4 - Forks: 0

redneb/hs-linux-namespaces

haskell library to work with linux namespaces

Language: Haskell - Size: 22.5 KB - Last synced at: 13 days ago - Pushed at: 11 months ago - Stars: 4 - Forks: 3

msantos/runlet_sh

Generate runlets from containerized Unix processes

Language: Elixir - Size: 46.9 KB - Last synced at: 13 days ago - Pushed at: 13 days ago - Stars: 3 - Forks: 0

outofforest/osman

Builds, boots and runs linux images on bare metal or inside VMs

Language: Go - Size: 572 KB - Last synced at: 2 months ago - Pushed at: 8 months ago - Stars: 3 - Forks: 0

pure-linux/tinyort

TIO Runtime

Language: Rust - Size: 30.3 KB - Last synced at: 3 months ago - Pushed at: 11 months ago - Stars: 3 - Forks: 0

varqox/masters_thesis 📦

Sandbox for multi-process applications for unprivileged users on Linux

Language: TeX - Size: 11.4 MB - Last synced at: over 1 year ago - Pushed at: almost 2 years ago - Stars: 2 - Forks: 0

Excited-ccccly/playground

Try and Play!

Language: C++ - Size: 185 KB - Last synced at: over 2 years ago - Pushed at: over 3 years ago - Stars: 2 - Forks: 1

fn-code/basic-container

this is a basic container from scracth

Language: Go - Size: 15.6 KB - Last synced at: 4 months ago - Pushed at: over 6 years ago - Stars: 2 - Forks: 0

Srylax/subuidless

[POC] Rootless Containers without `/etc/subuid` and `/etc/subgid`

Language: Rust - Size: 271 KB - Last synced at: 28 days ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

opencoff/android-container

Linux containers for Android

Language: C - Size: 92.8 KB - Last synced at: 7 months ago - Pushed at: over 8 years ago - Stars: 1 - Forks: 0

queelius/sandrun

Anonymous, ephemeral, sandboxed code execution service. Secure isolation with Linux namespaces, seccomp-BPF, and resource limits. No accounts, no tracking, auto-deletes.

Language: C++ - Size: 1.02 MB - Last synced at: 20 days ago - Pushed at: 20 days ago - Stars: 0 - Forks: 0

umeshkaul/ztunnel-under-the-hood

Language: Go - Size: 3.62 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

ritvikos/enclosure

Low-level Lightweight Process Sandboxing Tool [WIP]

Language: Rust - Size: 28.3 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0

arthurweinmann/experiment-process-containers

:warning: OLD EXPERIMENT I used to learn Rust and linux namespaces :warning: A port of the excellent process isolation library NsJail to rust with experimental features to decrease the startup latency further

Language: Rust - Size: 259 KB - Last synced at: 8 months ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

Eslam-Nawara/tiny-container

Simple Container implementation using linux namespaces and cgroups.

Language: Go - Size: 106 KB - Last synced at: over 1 year ago - Pushed at: about 3 years ago - Stars: 0 - Forks: 0

IslamWalid/tcontainer

Container implementation in go

Language: Go - Size: 6.84 KB - Last synced at: over 1 year ago - Pushed at: about 3 years ago - Stars: 0 - Forks: 0

demitriusbelai/openssh-portable Fork of openssh/openssh-portable

OpenSSH with Linux namespace support

Language: C - Size: 21.8 MB - Last synced at: over 1 year ago - Pushed at: almost 5 years ago - Stars: 0 - Forks: 0

udovin/WilcotCpp

A C++ library that helps in developing Linux applications.

Language: C++ - Size: 95.7 KB - Last synced at: 9 months ago - Pushed at: over 6 years ago - Stars: 0 - Forks: 0