Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

Projects in Awesome Lists tagged with seccomp

A curated list of projects in awesome lists tagged with seccomp .

https://github.com/slimtoolkit/slim

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

apparmor containers docker go golang hacktoberfest minify minify-images seccomp seccomp-profile security slim

Last synced: 06 Jan 2025

https://github.com/sandstorm-io/sandstorm

Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.

capnproto decentralized sandstorm seccomp self-hosted self-hosting

Last synced: 25 Oct 2024

https://github.com/walidshaari/certified-kubernetes-security-specialist

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy

Last synced: 08 Jan 2025

https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy

Last synced: 15 Nov 2024

https://github.com/david942j/seccomp-tools

Provide powerful tools for seccomp analysis

ctf sandbox seccomp seccomp-filter seccomp-tools tools

Last synced: 08 Jan 2025

https://github.com/genuinetools/contained.af

A stupid game for learning about containers, capabilities, and syscalls.

apparmor containers docker game linux opencontainers seccomp security syscalls

Last synced: 08 Jan 2025

https://github.com/seccomp/libseccomp

The main libseccomp repository

bpf libseccomp seccomp

Last synced: 07 Jan 2025

https://github.com/bytedance/varmor

vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.

bpf containers kubernetes lsm policy sandbox seccomp security

Last synced: 07 Jan 2025

https://github.com/seccomp/libseccomp-golang

The libseccomp golang bindings repository

bpf libseccomp seccomp

Last synced: 07 Jan 2025

https://github.com/avilum/secimport

eBPF Python runtime sandbox with seccomp (Blocks RCE).

3rd-party bpftrace dtrace ebpf import linux profiling python rce sandbox seccomp security security-tools tracing

Last synced: 05 Jan 2025

https://github.com/xfernando/go2seccomp

Generate seccomp profiles from go binaries

containers go seccomp security

Last synced: 12 Nov 2024

https://github.com/grantseltzer/karn

Simplifying Seccomp enforcement in containerized or non-containerized apps

container-security containers karn seccomp seccomp-filter security security-hardening security-tools

Last synced: 18 Nov 2024

https://github.com/antitree/syscall2seccomp

Build custom Docker seccomp profiles for containers by finding syscalls it uses.

docker docker-container identify-syscalls seccomp

Last synced: 17 Dec 2024

https://github.com/elastic/go-seccomp-bpf

Go library for installing a seccomp BPF system call filter.

golang seccomp seccomp-bpf-policies

Last synced: 08 Jan 2025

https://github.com/orivej/fptrace

Record process launches and files read and written by each process

dependency-graph ptrace seccomp strace

Last synced: 05 Nov 2024

https://github.com/blacktop/seccomp-gen

Docker Secure Computing Profile Generator

docker generator golang seccomp seccomp-profile

Last synced: 17 Nov 2024

https://github.com/alegrey91/harpoon

🔍 Trace syscalls of user-space defined functions, using eBPF

ebpf ebpf-programs golang seccomp security-audit security-tools syscalls system-calls

Last synced: 14 Nov 2024

https://github.com/antitree/keyctl-unmask

Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.

breakout containers docker keyctl kubernetes namespacing seccomp security-tools syscalls

Last synced: 17 Dec 2024

https://github.com/healeycodes/untrusted-python

📦 Run untrusted python code on the server.

pyseccomp rlimit sandbox seccomp setrlimit untrusted-code

Last synced: 10 Dec 2024

https://github.com/msantos/prx

an Erlang library for interacting with Unix processes

capsicum exec fork linux-namespaces pledge prctl procctl seccomp signal supervisor system-programming

Last synced: 19 Dec 2024

https://github.com/giuseppe/easyseccomp

DSL language to write seccomp filters

containers seccomp seccomp-bpf seccomp-filter security

Last synced: 28 Oct 2024

https://github.com/libseccomp-rs/libseccomp-rs

Rust Language Bindings for the libseccomp Library

api-bindings containers libseccomp linux-kernel rust seccomp

Last synced: 04 Jan 2025

https://github.com/utoni/potd

A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.

c capabilities cgroups honeypot openwrt sandbox seccomp ssh-honeypot

Last synced: 18 Nov 2024

https://github.com/msantos/xmppipe

stdio over XMPP

capsicum chatbot pledge seccomp xmpp

Last synced: 19 Dec 2024

https://github.com/kpcyrd/syscallz-rs

Simple seccomp library for rust

rust sandbox seccomp

Last synced: 08 Nov 2024

https://github.com/vi/syscall_limiter

Start Linux programs with only selected syscalls enabled (libseccomp-based)

libseccomp linux seccomp security syscalls

Last synced: 08 Nov 2024

https://github.com/equk/torjail

:lock: download, verify & run torbrowser in a sandbox

dwm firejail linux sandbox seccomp seccomp-bpf-policies tor torbrowser xephyr

Last synced: 24 Nov 2024

https://github.com/federicoceratto/nim-seccomp

Seccomp (libseccomp2) adapter for the Nim language

nim nim-lang seccomp security

Last synced: 05 Jan 2025

https://github.com/wader/disable_sendfile_vbox_linux

Go VirtualBox vboxsf sendfile bug workaround

bpf golang seccomp sendfile vboxsf

Last synced: 27 Dec 2024

https://github.com/hartwork/antijack

:ninja: seccomp-based anti-TTY-hijacking proof-of-concept (prevents TIOCSTI and TIOCLINUX)

c99 command-injection doas ioctl libseccomp linux seccomp seccomp-filter seccomp-filtering seccomp-tools security sudo syscall-filter syscalls tioclinux tiocsti tty

Last synced: 28 Oct 2024

https://github.com/msantos/runcron

simple, safe, container-friendly cron alternative

capsicum cron daemontools exec fork pledge prctl procctl seccomp stdio

Last synced: 19 Dec 2024

https://github.com/avilum/syscalls

Merged to firejail; Find syscalls of executables for seccomp-bpf sandbox policies.

firejail jail sandbox seccomp seccomp-bpf-policies seccomp-profile security-hardening syscalls

Last synced: 11 Oct 2024

https://github.com/nankeen/pwndocker

Docker tools for CTF pwning 👩🏻‍💻👨🏻‍💻🚩

ctf docker exploit-developers gadget gdb libc linux pwn seccomp

Last synced: 21 Nov 2024

https://github.com/msantos/totp.c

simple, standalone TOTP without dependencies

capsicum pledge seccomp setrlimit totp

Last synced: 19 Dec 2024

https://github.com/msantos/stdio

Reliably reap, restrict and isolate system tasks: Stdio is a control plane for processes

capsicum exec fork inetd linux-namespaces pledge prctl procctl seccomp signal stdio supervisor

Last synced: 19 Dec 2024

https://github.com/proot-me/blog

PRoot Developer Blog

c care hacktoberfest linux proot seccomp

Last synced: 09 Nov 2024

https://github.com/msantos/sredird

RFC 2217 network serial port redirector

capsicum pledge rfc2217 seccomp serial setrlimit

Last synced: 19 Dec 2024

https://github.com/msantos/trep

Selectively stream stdin to stdout/stderr based on regular expressions

capsicum grep pledge seccomp setrlimit stdio

Last synced: 19 Dec 2024

https://github.com/moolen/secco

:shield: auto-generate seccomp profiles for Kubernetes

ebpf kubernetes seccomp security

Last synced: 11 Nov 2024

https://github.com/msantos/pseudocron

sleep(1) using a cron expression

capsicum cron pledge seccomp

Last synced: 19 Dec 2024

https://github.com/subconsciouscompute/seccomp-pledge

seccomp-BPF filtering and pledge/unveil sandboxing for Linux

linux pledge rust seccomp

Last synced: 09 Nov 2024

https://github.com/rustcc/libseccomp-rs

A mid-level binding to libseccomp

bindings linux sandbox seccomp

Last synced: 13 Nov 2024

https://github.com/taoky/greenhook

A seccomp-unotify-based syscall hook library for Linux

hook seccomp syscalls

Last synced: 13 Dec 2024

https://github.com/foxcpp/scmp-confine

Simple CLI wrapper for libseccomp library written in Go.

seccomp seccomp-tools

Last synced: 19 Dec 2024

https://github.com/html-extract/hext-on-websockets

Websocket Server for Hext. Hext is a domain-specific language for extracting structured data from HTML documents.

async beast boost boost-asio cpp cpp17 seccomp ssl websockets

Last synced: 19 Dec 2024

https://github.com/joemiller/go-jail

[experiment] simple wrapper for executing sandboxed processes using Seccomp and capabilities filters

jail seccomp syscalls wrapper

Last synced: 28 Dec 2024

https://github.com/appvia/auditd-container

Simple alpine image with auditd intended usage is to be used in combination with docker-desktop kubernetes to allow building a seccomp profiles with the kubernetes-sigs/security-profiles-operator

auditd kind kubernetes seccomp security-profiles-operator

Last synced: 31 Dec 2024

https://github.com/voidc/seccomp-notif

A PoC for using the new seccomp-notif Linux feature from Rust.

linux rust seccomp seccomp-notify

Last synced: 10 Dec 2024

https://github.com/msantos/libnoexec

Prevent dynamically linked executables from calling exec(3)

exec ldpreload seccomp

Last synced: 19 Dec 2024

https://github.com/gcmurphy/forkoff

prevent forking of external processes via kafel + neon + node.js

help-wanted kafel neon nodejs rust seccomp

Last synced: 02 Dec 2024

https://github.com/archguardian-io/kubernetes-apparmor-profiles

AppArmor and Seccomp profiles for K8S images

apparmor kubernetes seccomp

Last synced: 19 Dec 2024

https://github.com/msantos/prv

pressure relief valve for Unix process pipelines

capsicum flowcontrol pledge seccomp setrlimit

Last synced: 19 Dec 2024

https://github.com/msantos/genlb-ptrace

connect(2) load balancer for Unix processes

ptrace seccomp setrlimit

Last synced: 19 Dec 2024

https://github.com/msantos/tscat

Timestamp stdin to stdout/stderr

capsicum logging pledge seccomp setrlimit stdio timestamp

Last synced: 19 Dec 2024

https://github.com/msantos/hexlog

Hexdump stdin and/or stdout to stderr

capsicum exec fork hexdump pledge seccomp setrlimit stdio

Last synced: 19 Dec 2024

https://github.com/msantos/nonetexec

nonetexec: prevent an exec(3)'ed command from opening new sockets

exec firewall seccomp

Last synced: 19 Dec 2024

https://github.com/tomastomecek/devconf-container-roadshow-2017

My 'Advanced container deep-dive workshop at DevConf Container Roadshow 2017.

capabilities containers docker moby namespaces networking seccomp selinux

Last synced: 15 Oct 2024

https://github.com/archguardian-io/docker-apparmor-profiles

AppArmor and Seccomp profiles for Docker images

apparmor docker seccomp

Last synced: 17 Nov 2024