Projects in Awesome Lists tagged with seccomp
A curated list of projects in awesome lists tagged with seccomp.
https://github.com/slimtoolkit/slim
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
apparmor containers docker go golang hacktoberfest minify minify-images seccomp seccomp-profile security slim
Last synced: 09 Sep 2025
https://github.com/docker-slim/docker-slim
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
apparmor containers docker go golang hacktoberfest minify minify-images seccomp seccomp-profile security slim
Last synced: 26 Mar 2025
https://github.com/sandstorm-io/sandstorm
Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.
capnproto decentralized sandstorm seccomp self-hosted self-hosting
Last synced: 14 Mar 2026
https://github.com/walidshaari/certified-kubernetes-security-specialist
Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements is welcome. Thank you.
apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy
Last synced: 15 May 2025
https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist
Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements is welcome. Thank you.
apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy
Last synced: 08 May 2025
https://github.com/david942j/seccomp-tools
Provide powerful tools for seccomp analysis
ctf sandbox seccomp seccomp-filter seccomp-tools tools
Last synced: 14 May 2025
https://github.com/genuinetools/contained.af
A stupid game for learning about containers, capabilities, and syscalls.
apparmor containers docker game linux opencontainers seccomp security syscalls
Last synced: 16 May 2025
https://github.com/fencesandbox/fence
Lightweight, container-free sandbox for running commands with network and filesystem restrictions
bubblewrap code-security coding-agent landlock sandbox seatbelt seccomp socat
Last synced: 08 Jun 2026
https://github.com/kubernetes-sigs/security-profiles-operator
The Kubernetes Security Profiles Operator
apparmor k8s-sig-node kubernetes kubernetes-operator seccomp seccomp-operator seccomp-profiles security-profiles selinux
Last synced: 15 May 2025
https://github.com/Use-Tusk/fence
Lightweight, container-free sandbox for running commands with network and filesystem restrictions
bubblewrap code-security coding-agent landlock sandbox seatbelt seccomp socat
Last synced: 10 Feb 2026
https://github.com/bytedance/varmor
vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.
apparmor apparmor-profiles bpf containers kubernetes lsm policy sandbox seccomp security
Last synced: 16 May 2025
https://github.com/bytedance/vArmor
vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.
apparmor apparmor-profiles bpf containers kubernetes lsm policy sandbox seccomp security
Last synced: 30 Apr 2025
https://github.com/mintoolkit/mint
minT(oolkit): Mint awesome, secure and production ready containers just the way you need them! Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
apparmor cont containerd containers docker docker-slim go golang hacktoberfest minify minify-images minimal-container-images podman seccomp seccomp-profile slim slimtoolkit
Last synced: 06 Feb 2026
https://github.com/seccomp/libseccomp-golang
The libseccomp golang bindings repository
Last synced: 14 May 2025
https://github.com/moabukar/cks-exercises-certified-kubernetes-security-specialist
A set of curated exercises to help you prepare for the CKS exam
anchore apparmor audit-log cks containerd containers falco gvisor kube-bench kubernetes networkpolicies opa seccomp secrets-management security security-tools static-analysis sysdig trivy
Last synced: 06 Apr 2025
https://github.com/avilum/secimport
The first open-source eBPF sandbox for Python (macOS/Linux): Secure libraries, block RCE, and enforce precise syscall control. Dive into module & package-level security now.
3rd-party bpftrace dtrace ebpf import linux profiling python rce sandbox seccomp security security-tools tracing
Last synced: 16 May 2025
https://github.com/multikernel/sandlock
The lightest AI sandbox. A process-based sandbox for Linux, no container, no VM, no root.
ai-agents landlock linux rust sandboxing seccomp
Last synced: 26 May 2026
https://github.com/alegrey91/harpoon
🔍 Seccomp profiling and function-level tracing tool.
devops devsecops devsecops-pipeline ebpf ebpf-programs golang hacktoberfest hardening seccomp security-audit security-tools syscalls system-calls
Last synced: 05 Apr 2025
https://github.com/xfernando/go2seccomp
Generate seccomp profiles from go binaries
containers go seccomp security
Last synced: 12 Jan 2026
https://github.com/grantseltzer/karn
Simplifying Seccomp enforcement in containerized or non-containerized apps
container-security containers karn seccomp seccomp-filter security security-hardening security-tools
Last synced: 12 May 2025
https://github.com/antitree/syscall2seccomp
Build custom Docker seccomp profiles for containers by finding syscalls it uses.
docker docker-container identify-syscalls seccomp
Last synced: 17 Oct 2025
https://github.com/elastic/go-seccomp-bpf
Go library for installing a seccomp BPF system call filter.
golang seccomp seccomp-bpf-policies
Last synced: 11 Apr 2025
https://github.com/souk4711/hakoniwa
Process isolation for Linux using namespaces, resource limits, cgroups, landlock and seccomp.
cgroups chroot container landlock linux linux-namespaces process rust sandbox sandboxing seccomp security unshare
Last synced: 16 May 2026
https://github.com/orivej/fptrace
Record process launches and files read and written by each process
dependency-graph ptrace seccomp strace
Last synced: 12 Mar 2026
https://github.com/bnbdr/ida-bpf-processor
BPF Processor for IDA Python
bpf disasm disassembler ida idapython-plugin processor seccomp
Last synced: 12 Jan 2026
https://github.com/msantos/alcove
Control plane for system processes
capsicum exec fork linux-namespaces pledge prctl procctl seccomp signal system-programming
Last synced: 15 Apr 2025
https://github.com/blacktop/seccomp-gen
Docker Secure Computing Profile Generator
docker generator golang seccomp seccomp-profile
Last synced: 23 Apr 2025
https://github.com/healeycodes/untrusted-python
📦 Run untrusted python code on the server.
pyseccomp rlimit sandbox seccomp setrlimit untrusted-code
Last synced: 21 Jun 2025
https://github.com/antitree/keyctl-unmask
Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.
breakout containers docker keyctl kubernetes namespacing seccomp security-tools syscalls
Last synced: 24 Oct 2025
https://github.com/kinvolk/seccompagent
agent for handling seccomp descriptors for container runtimes
Last synced: 16 Jan 2026
https://github.com/giuseppe/easyseccomp
DSL language to write seccomp filters
containers seccomp seccomp-bpf seccomp-filter security
Last synced: 04 Sep 2025
https://github.com/msantos/prx
an Erlang library for interacting with Unix processes
capsicum exec fork linux-namespaces pledge prctl procctl seccomp signal supervisor system-programming
Last synced: 28 Apr 2025
https://github.com/libseccomp-rs/libseccomp-rs
Rust Language Bindings for the libseccomp Library
api-bindings containers libseccomp linux-kernel rust seccomp
Last synced: 04 Apr 2025
https://github.com/giuliocomi/csplogger
A CSP endpoint to aggregate, correlate and analyze report-uri violations across your infrastructure
apparmor csp dashboard docker flask hardened-image infrastructure logging report-uri seccomp security-audit security-tools
Last synced: 30 Jan 2026
https://github.com/utoni/potd
A highly scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.
c capabilities cgroups honeypot openwrt sandbox seccomp ssh-honeypot
Last synced: 13 May 2025
https://github.com/vi/syscall_limiter
Start Linux programs with only selected syscalls enabled (libseccomp-based)
libseccomp linux seccomp security syscalls
Last synced: 15 Apr 2025
https://github.com/debfx/runjail
ad-hoc sandboxes on Linux
linux sandbox seccomp security
Last synced: 21 Jan 2026
https://github.com/equk/torjail
:lock: download, verify & run torbrowser in a sandbox
dwm firejail linux sandbox seccomp seccomp-bpf-policies tor torbrowser xephyr
Last synced: 26 Sep 2025
https://github.com/archguardian-io/kubernetes-apparmor-profiles
AppArmor and Seccomp profiles for K8S images
Last synced: 27 Oct 2025
https://github.com/federicoceratto/nim-seccomp
Seccomp (libseccomp2) adapter for the Nim language
Last synced: 09 Apr 2025
https://github.com/polachok/seccomp-sys
low-level bindings to libseccomp
linux rust rust-library seccomp security
Last synced: 16 Jun 2025
https://github.com/hartwork/antijack
:ninja: seccomp-based anti-TTY-hijacking proof-of-concept (prevents TIOCSTI and TIOCLINUX)
c99 command-injection doas ioctl libseccomp linux seccomp seccomp-filter seccomp-filtering seccomp-tools security sudo syscall-filter syscalls tioclinux tiocsti tty
Last synced: 18 Sep 2025
https://github.com/ghostlock-ai/capsule
Agent Security Runtime
agent audit langchain linux linux-kernel runtime rust seccomp seccomp-bpf seccomp-profile security-tools
Last synced: 29 Apr 2026
https://github.com/binarymist/dockersecurity-quickreference
:books: :whale: For DevOps Engineers :whale: :books:
application-security book books capabilities cgroups control-groups devops devsecops docker docker-security information-security infosec linux lsm namespaces seccomp security volumes web-application-security
Last synced: 16 May 2025
https://github.com/pelagos-containers/pelagos
Daemonless Linux container runtime with a Lisp scripting interface — security-by-default, library API, full networking stack, OCI images, and multi-service orchestration
containers daemonless linux lisp namespaces orchestration rust seccomp
Last synced: 14 Jun 2026
https://github.com/proot-me/blog
PRoot Developer Blog
c care hacktoberfest linux proot seccomp
Last synced: 21 Jun 2025
https://github.com/avilum/syscalls
Merged to firejail; Find syscalls of executables for seccomp-bpf sandbox policies.
firejail jail sandbox seccomp seccomp-bpf-policies seccomp-profile security-hardening syscalls
Last synced: 27 Oct 2025
https://github.com/light-magician/capsule
Agent Security Runtime
agent audit langchain linux linux-kernel runtime rust seccomp seccomp-bpf seccomp-profile security-tools
Last synced: 24 Jun 2025
https://github.com/subconsciouscompute/seccomp-pledge
seccomp-BPF filtering and pledge/unveil sandboxing for Linux
Last synced: 09 May 2025
https://github.com/nankeen/pwndocker
Docker tools for CTF pwning 👩🏻‍💻👨🏻‍💻🚩
ctf docker exploit-developers gadget gdb libc linux pwn seccomp
Last synced: 16 Jan 2026
https://github.com/msantos/stdio
Reliably reap, restrict and isolate system tasks: Stdio is a control plane for processes
capsicum exec fork inetd linux-namespaces pledge prctl procctl seccomp signal stdio supervisor
Last synced: 28 Apr 2025
https://github.com/akios-ai/akios
Secure runtime for multi-agent AI. Kernel sandboxing (seccomp-bpf), real-time PII redaction, Merkle audit trails.
agentic-ai ai-agents ai-safety artificial-intelligence compliance eu-ai-act machine-learning merkle-tree multi-agent open-source pii-redaction python runtime-enforcement sandboxing seccomp trustworthy-ai zero-trust
Last synced: 14 Mar 2026
https://github.com/sshwy/yaoj-judger
Judger for the future yaoj
c judger kafel online-judge seccomp
Last synced: 14 Jan 2026
https://github.com/moolen/secco
:shield: auto-generate seccomp profiles for Kubernetes
ebpf kubernetes seccomp security
Last synced: 04 Feb 2026
https://github.com/taoky/greenhook
A seccomp-unotify-based syscall hook library for Linux
Last synced: 05 May 2025
https://github.com/kkernick/antimony
Sandbox Applications
bubblewrap linux sandbox seccomp security
Last synced: 02 Jul 2026
https://github.com/foxcpp/scmp-confine
Simple CLI wrapper for libseccomp library written in Go.
Last synced: 07 Jul 2025
https://github.com/html-extract/hext-on-websockets
Websocket Server for Hext. Hext is a domain-specific language for extracting structured data from HTML documents.
async beast boost boost-asio cpp cpp17 seccomp ssl websockets
Last synced: 10 Jul 2025
https://github.com/rustcc/libseccomp-rs
A mid-level binding to libseccomp
bindings linux sandbox seccomp
Last synced: 15 Apr 2026
https://github.com/schnatterer/cks-short-tips
Five short tips for passing the CKS exam (Certified Kubernetes Security Specialist)
apparmor certified-kubernetes-security-specialist cks etcd falco k8s kube-apiserver kube-bench kubectl kubernetes kubesec opa open-policy-agent psa seccomp security trivy
Last synced: 22 Jun 2025
https://github.com/joemiller/go-jail
[experiment] simple wrapper for executing sandboxed processes using Seccomp and capabilities filters
Last synced: 09 Nov 2025
https://github.com/msantos/libnoexec
Prevent dynamically linked executables from calling exec(3)
Last synced: 06 Apr 2025
https://github.com/appvia/auditd-container
Simple alpine image with auditd, intended to be used in combination with docker-desktop kubernetes to allow building seccomp profiles with the kubernetes-sigs/security-profiles-operator
auditd kind kubernetes seccomp security-profiles-operator
Last synced: 21 Jun 2025
https://github.com/tamimehsan/simple-sandbox
A simple sandbox to practice linux security primitives
Last synced: 14 Mar 2025
https://github.com/voidc/seccomp-notif
A PoC for using the new seccomp-notif Linux feature from Rust.
linux rust seccomp seccomp-notify
Last synced: 05 May 2026
https://github.com/msantos/prv
pressure relief valve for Unix process pipelines
capsicum flowcontrol pledge seccomp setrlimit
Last synced: 26 Jul 2025
https://github.com/cuandari/lib-oss
discue gatekeeper go golang ptrace seccomp
Last synced: 12 Jan 2026
https://github.com/msantos/genlb-ptrace
connect(2) load balancer for Unix processes
Last synced: 06 Apr 2025
https://github.com/archguardian-io/docker-apparmor-profiles
AppArmor and Seccomp profiles for Docker images
Last synced: 25 Dec 2025
https://github.com/nmicic/compartment
Kernel-enforced sandboxing for untrusted processes. Two zero-dependency core tools, one shared profile format, plus an optional BPF-LSM module.
bpf-lsm defense-in-depth ebpf hardening landlock linux linux-security-module namespace privilege-separation process-isolation sandboxing seccomp security syscall-filtering
Last synced: 21 May 2026
https://github.com/albertdobmeyer/opencli-container
Hardened container harness for OpenClaw agents — proxy-gated networking and security verification
ai-agents ai-safety container-security defense-in-depth docker mitmproxy openclaw podman sandbox seccomp security
Last synced: 29 May 2026
https://github.com/discue/go-syscall-gatekeeper-cli
discue gatekeeper go golang ptrace seccomp
Last synced: 02 Nov 2025
https://github.com/gcmurphy/forkoff
prevent forking of external processes via kafel + neon + node.js
help-wanted kafel neon nodejs rust seccomp
Last synced: 16 May 2026
https://github.com/msantos/collectd-prv
stdout to collectd notification
capsicum collectd flowcontrol monitoring pledge seccomp setrlimit
Last synced: 07 Oct 2025
https://github.com/juliosuas/copyfail-guard
Fast, auditable Linux mitigation for CVE-2026-31431 Copy Fail: algif_aead block, verification, and AF_ALG seccomp hardening.
af-alg container-security copy-fail cve cve-2026-31431 devsecops docker-security incident-response kernel-hardening kubernetes-security linux linux-kernel seccomp security sysadmin
Last synced: 03 May 2026
https://github.com/msantos/nonetexec
nonetexec: prevent an exec(3)'ed command from opening new sockets
Last synced: 09 Oct 2025
https://github.com/szsolt0/thesis
BSc thesis on Linux kernel sandboxing with Landlock & seccomp
bsc-thesis cpp geiakszd1-bp-b2 landlock linux linux-kernel resource-isolation sandbox seccomp seccomp-bpf seccomp-filter security syscall systems-programming
Last synced: 27 Apr 2026
https://github.com/micromaomao/libturnstile
Seccomp-unotify access tracer and namespace-based sandboxing library
Last synced: 27 Apr 2026
https://github.com/whiskeyjimbo/bento
A lightweight, zero-config script sandboxing engine in Go. Safely execute Python, Node, and Shell scripts under strict OS-level isolation (Bubblewrap/Seatbelt) with fine-grained network proxies, resource ceilings, and interactive permission prompts.
bubblewrap devops go golang isolation landlock sandbox seatbelt seccomp security
Last synced: 30 May 2026
https://github.com/anyparser/seccomp-sandbox
Seccomp Sandbox
seccomp seccomp-sandbox ubuntu
Last synced: 01 Mar 2025
https://github.com/rusty-snake/openat_dialog_poc
seccomp seccomp-addfd seccomp-notify
Last synced: 13 Apr 2026
https://github.com/douile/bwrap-scripts
Mirror of https://codeberg.org/Douile/bwrap-scripts
bwrap linux sandboxing seccomp
Last synced: 29 Jun 2026
https://github.com/tomastomecek/devconf-container-roadshow-2017
My 'Advanced container deep-dive' workshop at DevConf Container Roadshow 2017.
capabilities containers docker moby namespaces networking seccomp selinux
Last synced: 26 Feb 2025
https://github.com/lawndoc/seccomp-ci-demo
Automate seccomp filter generation in your CI pipeline
ci container-security containers devops devsecops ebpf linux seccomp security security-automation syscalls
Last synced: 07 May 2026
https://github.com/huxulm/k8s-simulator
CKA,CKS Simulator Questions (k8s v1.31)
apparmor cka ckad cks falco kernel-hardening kube-bench kubernetes kubernetes-security kubesec os-footprint pod-security-admission seccomp system-hardening trivy
Last synced: 11 Nov 2025
https://github.com/rios0rios0/termux-etc-redirect
Transparent `/etc/` path redirection for Termux — enables Go CLIs (`gh`, `terraform`, `kubectl`) to resolve DNS and verify TLS certificates without `proot`, using `LD_PRELOAD` and `seccomp` `user_notif`
android dns-resolution ld-preload seccomp termux
Last synced: 04 Apr 2026