An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with seccomp

A curated list of projects in awesome lists tagged with seccomp .

https://github.com/slimtoolkit/slim

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

apparmor containers docker go golang hacktoberfest minify minify-images seccomp seccomp-profile security slim

Last synced: 09 Sep 2025

https://github.com/docker-slim/docker-slim

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

apparmor containers docker go golang hacktoberfest minify minify-images seccomp seccomp-profile security slim

Last synced: 26 Mar 2025

https://github.com/sandstorm-io/sandstorm

Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.

capnproto decentralized sandstorm seccomp self-hosted self-hosting

Last synced: 14 Mar 2026

https://github.com/walidshaari/certified-kubernetes-security-specialist

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy

Last synced: 15 May 2025

https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy

Last synced: 08 May 2025

https://github.com/david942j/seccomp-tools

Provide powerful tools for seccomp analysis

ctf sandbox seccomp seccomp-filter seccomp-tools tools

Last synced: 14 May 2025

https://github.com/genuinetools/contained.af

A stupid game for learning about containers, capabilities, and syscalls.

apparmor containers docker game linux opencontainers seccomp security syscalls

Last synced: 16 May 2025

https://github.com/seccomp/libseccomp

The main libseccomp repository

bpf libseccomp seccomp

Last synced: 15 May 2025

https://github.com/fencesandbox/fence

Lightweight, container-free sandbox for running commands with network and filesystem restrictions

bubblewrap code-security coding-agent landlock sandbox seatbelt seccomp socat

Last synced: 08 Jun 2026

https://github.com/Use-Tusk/fence

Lightweight, container-free sandbox for running commands with network and filesystem restrictions

bubblewrap code-security coding-agent landlock sandbox seatbelt seccomp socat

Last synced: 10 Feb 2026

https://github.com/bytedance/varmor

vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.

apparmor apparmor-profiles bpf containers kubernetes lsm policy sandbox seccomp security

Last synced: 16 May 2025

https://github.com/bytedance/vArmor

vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.

apparmor apparmor-profiles bpf containers kubernetes lsm policy sandbox seccomp security

Last synced: 30 Apr 2025

https://github.com/mintoolkit/mint

minT(oolkit): Mint awesome, secure and production ready containers just the way you need them! Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

apparmor cont containerd containers docker docker-slim go golang hacktoberfest minify minify-images minimal-container-images podman seccomp seccomp-profile slim slimtoolkit

Last synced: 06 Feb 2026

https://github.com/seccomp/libseccomp-golang

The libseccomp golang bindings repository

bpf libseccomp seccomp

Last synced: 14 May 2025

https://github.com/avilum/secimport

The first open-source eBPF sandbox for Python (macOS/Linux): Secure libraries, block RCE, and enforce precise syscall control. Dive into module & package-level security now.

3rd-party bpftrace dtrace ebpf import linux profiling python rce sandbox seccomp security security-tools tracing

Last synced: 16 May 2025

https://github.com/multikernel/sandlock

The lightest AI sandbox. A process-based sandbox for Linux, no container, no VM, no root.

ai-agents landlock linux rust sandboxing seccomp

Last synced: 26 May 2026

https://github.com/xfernando/go2seccomp

Generate seccomp profiles from go binaries

containers go seccomp security

Last synced: 12 Jan 2026

https://github.com/grantseltzer/karn

Simplifying Seccomp enforcement in containerized or non-containerized apps

container-security containers karn seccomp seccomp-filter security security-hardening security-tools

Last synced: 12 May 2025

https://github.com/antitree/syscall2seccomp

Build custom Docker seccomp profiles for containers by finding syscalls it uses.

docker docker-container identify-syscalls seccomp

Last synced: 17 Oct 2025

https://github.com/elastic/go-seccomp-bpf

Go library for installing a seccomp BPF system call filter.

golang seccomp seccomp-bpf-policies

Last synced: 11 Apr 2025

https://github.com/souk4711/hakoniwa

Process isolation for Linux using namespaces, resource limits, cgroups, landlock and seccomp.

cgroups chroot container landlock linux linux-namespaces process rust sandbox sandboxing seccomp security unshare

Last synced: 16 May 2026

https://github.com/orivej/fptrace

Record process launches and files read and written by each process

dependency-graph ptrace seccomp strace

Last synced: 12 Mar 2026

https://github.com/blacktop/seccomp-gen

Docker Secure Computing Profile Generator

docker generator golang seccomp seccomp-profile

Last synced: 23 Apr 2025

https://github.com/healeycodes/untrusted-python

📦 Run untrusted python code on the server.

pyseccomp rlimit sandbox seccomp setrlimit untrusted-code

Last synced: 21 Jun 2025

https://github.com/antitree/keyctl-unmask

Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.

breakout containers docker keyctl kubernetes namespacing seccomp security-tools syscalls

Last synced: 24 Oct 2025

https://github.com/kinvolk/seccompagent

agent for handling seccomp descriptors for container runtimes

containers kinvolk seccomp

Last synced: 16 Jan 2026

https://github.com/giuseppe/easyseccomp

DSL language to write seccomp filters

containers seccomp seccomp-bpf seccomp-filter security

Last synced: 04 Sep 2025

https://github.com/msantos/prx

an Erlang library for interacting with Unix processes

capsicum exec fork linux-namespaces pledge prctl procctl seccomp signal supervisor system-programming

Last synced: 28 Apr 2025

https://github.com/libseccomp-rs/libseccomp-rs

Rust Language Bindings for the libseccomp Library

api-bindings containers libseccomp linux-kernel rust seccomp

Last synced: 04 Apr 2025

https://github.com/giuliocomi/csplogger

A CSP endpoint to aggregate, correlate and analyze report-uri violations across your infrastructure

apparmor csp dashboard docker flask hardened-image infrastructure logging report-uri seccomp security-audit security-tools

Last synced: 30 Jan 2026

https://github.com/utoni/potd

A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.

c capabilities cgroups honeypot openwrt sandbox seccomp ssh-honeypot

Last synced: 13 May 2025

https://github.com/msantos/xmppipe

stdio over XMPP

capsicum chatbot pledge seccomp xmpp

Last synced: 08 Mar 2026

https://github.com/vi/syscall_limiter

Start Linux programs with only selected syscalls enabled (libseccomp-based)

libseccomp linux seccomp security syscalls

Last synced: 15 Apr 2025

https://github.com/kpcyrd/syscallz-rs

Simple seccomp library for rust

rust sandbox seccomp

Last synced: 20 Aug 2025

https://github.com/debfx/runjail

ad-hoc sandboxes on Linux

linux sandbox seccomp security

Last synced: 21 Jan 2026

https://github.com/equk/torjail

:lock: download, verify & run torbrowser in a sandbox

dwm firejail linux sandbox seccomp seccomp-bpf-policies tor torbrowser xephyr

Last synced: 26 Sep 2025

https://github.com/archguardian-io/kubernetes-apparmor-profiles

AppArmor and Seccomp profiles for K8S images

apparmor kubernetes seccomp

Last synced: 27 Oct 2025

https://github.com/federicoceratto/nim-seccomp

Seccomp (libseccomp2) adapter for the Nim language

nim nim-lang seccomp security

Last synced: 09 Apr 2025

https://github.com/polachok/seccomp-sys

low-level bindings to libseccomp

linux rust rust-library seccomp security

Last synced: 16 Jun 2025

https://github.com/wader/disable_sendfile_vbox_linux

Go VirtualBox vboxsf sendfile bug workaround

bpf golang seccomp sendfile vboxsf

Last synced: 02 May 2026

https://github.com/hartwork/antijack

:ninja: seccomp-based anti-TTY-hijacking proof-of-concept (prevents TIOCSTI and TIOCLINUX)

c99 command-injection doas ioctl libseccomp linux seccomp seccomp-filter seccomp-filtering seccomp-tools security sudo syscall-filter syscalls tioclinux tiocsti tty

Last synced: 18 Sep 2025

https://github.com/pelagos-containers/pelagos

Daemonless Linux container runtime with a Lisp scripting interface — security-by-default, library API, full networking stack, OCI images, and multi-service orchestration

containers daemonless linux lisp namespaces orchestration rust seccomp

Last synced: 14 Jun 2026

https://github.com/msantos/runcron

simple, safe, container-friendly cron alternative

capsicum cron daemontools exec fork pledge prctl procctl seccomp stdio

Last synced: 28 Apr 2025

https://github.com/proot-me/blog

PRoot Developer Blog

c care hacktoberfest linux proot seccomp

Last synced: 21 Jun 2025

https://github.com/avilum/syscalls

Merged to firejail; Find syscalls of executables for seccomp-bpf sandbox policies.

firejail jail sandbox seccomp seccomp-bpf-policies seccomp-profile security-hardening syscalls

Last synced: 27 Oct 2025

https://github.com/msantos/totp.c

simple, standalone TOTP without dependencies

capsicum pledge seccomp setrlimit totp

Last synced: 28 Apr 2025

https://github.com/subconsciouscompute/seccomp-pledge

seccomp-BPF filtering and pledge/unveil sandboxing for Linux

linux pledge rust seccomp

Last synced: 09 May 2025

https://github.com/nankeen/pwndocker

Docker tools for CTF pwning 👩🏻‍💻👨🏻‍💻🚩

ctf docker exploit-developers gadget gdb libc linux pwn seccomp

Last synced: 16 Jan 2026

https://github.com/msantos/stdio

Reliably reap, restrict and isolate system tasks: Stdio is a control plane for processes

capsicum exec fork inetd linux-namespaces pledge prctl procctl seccomp signal stdio supervisor

Last synced: 28 Apr 2025

https://github.com/msantos/sredird

RFC 2217 network serial port redirector

capsicum pledge rfc2217 seccomp serial setrlimit

Last synced: 28 Apr 2025

https://github.com/msantos/trep

Selectively stream stdin to stdout/stderr based on regular expressions

capsicum grep pledge seccomp setrlimit stdio

Last synced: 28 Apr 2025

https://github.com/akios-ai/akios

Secure runtime for multi-agent AI. Kernel sandboxing (seccomp-bpf), real-time PII redaction, Merkle audit trails.

agentic-ai ai-agents ai-safety artificial-intelligence compliance eu-ai-act machine-learning merkle-tree multi-agent open-source pii-redaction python runtime-enforcement sandboxing seccomp trustworthy-ai zero-trust

Last synced: 14 Mar 2026

https://github.com/sshwy/yaoj-judger

Judger for the future yaoj

c judger kafel online-judge seccomp

Last synced: 14 Jan 2026

https://github.com/moolen/secco

:shield: auto-generate seccomp profiles for Kubernetes

ebpf kubernetes seccomp security

Last synced: 04 Feb 2026

https://github.com/taoky/greenhook

A seccomp-unotify-based syscall hook library for Linux

hook seccomp syscalls

Last synced: 05 May 2025

https://github.com/msantos/pseudocron

sleep(1) using a cron expression

capsicum cron pledge seccomp

Last synced: 24 Feb 2026

https://github.com/kkernick/antimony

Sandbox Applications

bubblewrap linux sandbox seccomp security

Last synced: 02 Jul 2026

https://github.com/foxcpp/scmp-confine

Simple CLI wrapper for libseccomp library written in Go.

seccomp seccomp-tools

Last synced: 07 Jul 2025

https://github.com/html-extract/hext-on-websockets

Websocket Server for Hext. Hext is a domain-specific language for extracting structured data from HTML documents.

async beast boost boost-asio cpp cpp17 seccomp ssl websockets

Last synced: 10 Jul 2025

https://github.com/rustcc/libseccomp-rs

A mid-level binding to libseccomp

bindings linux sandbox seccomp

Last synced: 15 Apr 2026

https://github.com/joemiller/go-jail

[experiment] simple wrapper for executing sandboxed processes using Seccomp and capabilities filters

jail seccomp syscalls wrapper

Last synced: 09 Nov 2025

https://github.com/msantos/libnoexec

Prevent dynamically linked executables from calling exec(3)

exec ldpreload seccomp

Last synced: 06 Apr 2025

https://github.com/appvia/auditd-container

Simple alpine image with auditd intended usage is to be used in combination with docker-desktop kubernetes to allow building a seccomp profiles with the kubernetes-sigs/security-profiles-operator

auditd kind kubernetes seccomp security-profiles-operator

Last synced: 21 Jun 2025

https://github.com/tamimehsan/simple-sandbox

A simple sandbox to practice linux security primitives

sandbox seccomp

Last synced: 14 Mar 2025

https://github.com/voidc/seccomp-notif

A PoC for using the new seccomp-notif Linux feature from Rust.

linux rust seccomp seccomp-notify

Last synced: 05 May 2026

https://github.com/msantos/hexlog

Hexdump stdin and/or stdout to stderr

capsicum exec fork hexdump pledge seccomp setrlimit stdio

Last synced: 24 Jun 2025

https://github.com/msantos/prv

pressure relief valve for Unix process pipelines

capsicum flowcontrol pledge seccomp setrlimit

Last synced: 26 Jul 2025

https://github.com/msantos/genlb-ptrace

connect(2) load balancer for Unix processes

ptrace seccomp setrlimit

Last synced: 06 Apr 2025

https://github.com/archguardian-io/docker-apparmor-profiles

AppArmor and Seccomp profiles for Docker images

apparmor docker seccomp

Last synced: 25 Dec 2025

https://github.com/nmicic/compartment

Kernel-enforced sandboxing for untrusted processes. Two zero-dependency core tools, one shared profile format, plus an optional BPF-LSM module.

bpf-lsm defense-in-depth ebpf hardening landlock linux linux-security-module namespace privilege-separation process-isolation sandboxing seccomp security syscall-filtering

Last synced: 21 May 2026

https://github.com/albertdobmeyer/opencli-container

Hardened container harness for OpenClaw agents — proxy-gated networking and security verification

ai-agents ai-safety container-security defense-in-depth docker mitmproxy openclaw podman sandbox seccomp security

Last synced: 29 May 2026

https://github.com/msantos/tscat

Timestamp stdin to stdout/stderr

capsicum logging pledge seccomp setrlimit stdio timestamp

Last synced: 05 Jul 2025

https://github.com/gcmurphy/forkoff

prevent forking of external processes via kafel + neon + node.js

help-wanted kafel neon nodejs rust seccomp

Last synced: 16 May 2026

https://github.com/juliosuas/copyfail-guard

Fast, auditable Linux mitigation for CVE-2026-31431 Copy Fail: algif_aead block, verification, and AF_ALG seccomp hardening.

af-alg container-security copy-fail cve cve-2026-31431 devsecops docker-security incident-response kernel-hardening kubernetes-security linux linux-kernel seccomp security sysadmin

Last synced: 03 May 2026

https://github.com/msantos/nonetexec

nonetexec: prevent an exec(3)'ed command from opening new sockets

exec firewall seccomp

Last synced: 09 Oct 2025

https://github.com/micromaomao/libturnstile

Seccomp-unotify access tracer and namespace-based sandboxing library

linux seccomp

Last synced: 27 Apr 2026

https://github.com/whiskeyjimbo/bento

A lightweight, zero-config script sandboxing engine in Go. Safely execute Python, Node, and Shell scripts under strict OS-level isolation (Bubblewrap/Seatbelt) with fine-grained network proxies, resource ceilings, and interactive permission prompts.

bubblewrap devops go golang isolation landlock sandbox seatbelt seccomp security

Last synced: 30 May 2026

https://github.com/douile/bwrap-scripts

Mirror of https://codeberg.org/Douile/bwrap-scripts

bwrap linux sandboxing seccomp

Last synced: 29 Jun 2026

https://github.com/tomastomecek/devconf-container-roadshow-2017

My 'Advanced container deep-dive workshop at DevConf Container Roadshow 2017.

capabilities containers docker moby namespaces networking seccomp selinux

Last synced: 26 Feb 2025

https://github.com/rios0rios0/termux-etc-redirect

Transparent `/etc/` path redirection for Termux — enables Go CLIs (`gh`, `terraform`, `kubectl`) to resolve DNS and verify TLS certificates without `proot`, using `LD_PRELOAD` and `seccomp` `user_notif`

android dns-resolution ld-preload seccomp termux

Last synced: 04 Apr 2026