{"id":13830113,"url":"https://github.com/willfindlay/bpfbox","last_synced_at":"2025-07-09T11:32:06.969Z","repository":{"id":52669760,"uuid":"254674022","full_name":"willfindlay/bpfbox","owner":"willfindlay","description":" 🐝 BPFBox 📦 Exploring process confinement in eBPF","archived":false,"fork":false,"pushed_at":"2024-01-11T17:40:25.000Z","size":4744,"stargazers_count":101,"open_issues_count":2,"forks_count":9,"subscribers_count":13,"default_branch":"master","last_synced_at":"2024-11-20T12:09:34.751Z","etag":null,"topics":["bcc","ebpf","linux","linux-kernel","runtime-security","sandbox","security"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/willfindlay.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-10T15:48:55.000Z","updated_at":"2024-09-30T15:49:08.000Z","dependencies_parsed_at":"2024-05-28T02:26:03.809Z","dependency_job_id":"ae30d4c2-0ff9-4ef5-8cb5-1f285c568647","html_url":"https://github.com/willfindlay/bpfbox","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/willfindlay/bpfbox","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfindlay%2Fbpfbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfindlay%2Fbpfbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfindlay%2Fbpfbox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfindlay%2Fbpfbox/manifests","owner_u
rl":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/willfindlay","download_url":"https://codeload.github.com/willfindlay/bpfbox/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfindlay%2Fbpfbox/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264450546,"owners_count":23610191,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bcc","ebpf","linux","linux-kernel","runtime-security","sandbox","security"],"created_at":"2024-08-04T10:00:55.790Z","updated_at":"2025-07-09T11:32:06.626Z","avatar_url":"https://github.com/willfindlay.png","language":"C","readme":"# 🐝 bpfbox 📦\n\n`bpfbox` is a policy enforcement engine written in eBPF to confine process access to security-sensitive system resources.\n\n## bpfbox is EOL\n\nBPFBox is being replaced by [BPFContain](https://github.com/willfindlay/bpfcontain-rs/), a new confinement solution written in Rust using libbpf-rs.\n\n## Links\n\nOur research paper: https://www.cisl.carleton.ca/~will/written/conference/bpfbox-ccsw2020.pdf\n\n## Disclaimer\n\n`bpfbox` is very much a research prototype at this stage. Not recommended for production use before version 1.0.0.\n\n## Roadmap / TODO\n\n- Implement auto attachment of uprobes/kprobes for process state\n- Fully implement the uprobe/kprobe support in the policy language (see below)\n- Re-visit policy language\n    - Move to yaml / rego?\n- Document final version of policy language\n- Add more unit tests / document code coverage\n\n## Requirements\n\n1. 
Linux 5.8+ compiled with at least CONFIG_BPF=y, CONFIG_BPF_SYSCALL=y, CONFIG_BPF_JIT=y, CONFIG_TRACEPOINTS=y, CONFIG_BPF_LSM=y, CONFIG_DEBUG_INFO=y, CONFIG_DEBUG_INFO_BTF=y, CONFIG_LSM=\"bpf\". pahole \u003e= 0.16 must be installed for the kernel to be built with BTF info.\n1. Either the latest version of bcc from https://github.com/iovisor/bcc or bcc version 0.16+. If building from source, be sure to include -DPYTHON_CMD=python3 in your cmake flags\n1. Python 3.8+\n\n## Installation\n\n- Coming soon, for now just run from the `bin` directory in this repository.\n\n## Usage\n\n1. Install policy files in `/var/lib/bpfbox/policy`\n1. Run the daemon using `sudo bpfboxd`\n1. Inspect audit logs with `tail -f /var/log/bpfbox/bpfbox.log`\n\n## Citation\n\nIf you would like to cite this work, we request that you use the following bibtex entry:\n```bibtex\n@inproceedings{findlay2020_bpfbox,\n    author    = {Findlay, William and Somayaji, Anil and Barrera, David},\n    title     = {{bpfbox: Simple Precise Process Confinement with eBPF}},\n    year      = {2020},\n    isbn      = {9781450380843},\n    publisher = {Association for Computing Machinery},\n    address   = {New York, NY, USA},\n    doi       = {10.1145/3411495.3421358},\n    booktitle = {Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop},\n    pages     = {91–103},\n    numpages  = {13},\n    keywords  = {ebpf, application confinement, access control, sandboxing, operating system security, linux},\n    location  = {Virtual Event, USA},\n    series    = {CCSW'20}\n}\n```\n","funding_links":[],"categories":["C"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillfindlay%2Fbpfbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwillfindlay%2Fbpfbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillfindlay%2Fbpfbox/lists"}