nsjail
Process isolator
A lightweight process isolation tool for Linux that provides isolated environments for network services and local processes.
A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
3k stars
88 watching
274 forks
Language: C++
last commit: 17 days ago
Linked from 1 awesome list
chroot, linux, linux-namespaces, process-isolation, seccomp-bpf-policies, security
Related projects:
Repository | Description | Stars |
---|---|---|
netblue30/firejail | A security tool designed to restrict the environment of potentially untrusted applications on Linux systems. | 5,811 |
google/gvisor | An application kernel that provides isolation between running applications and the host operating system | 15,851 |
shamedgh/confine | Generates Seccomp profiles to reduce Linux kernel vulnerabilities in containers | 62 |
cohdjn/cisecurity | Automates Linux hardening to conform to Center for Internet Security Benchmark standards | 9 |
google/oss-fuzz | An automated testing framework that uses random data to find errors in software | 10,548 |
containers/bubblewrap | Sandboxing tool to provide isolation and security for unprivileged users | 3,966 |
google/sanitizers | Maintains documentation and helper code for a set of sanitizers to detect and prevent common programming errors. | 11,517 |
trimstray/the-practical-linux-hardening-guide | A comprehensive guide to creating secure Linux production systems using industry standards and best practices | 9,947 |
opennhp/opennhp | A Zero Trust networking protocol to hide servers and data from attackers by utilizing cryptography at the OSI 5th layer. | 13,513 |
gchq/cyberchef | A web-based tool for manipulating data through various encoding, encryption, compression, and analysis operations | 29,255 |
dominicbreuker/pspy | A tool to monitor Linux processes without root permissions | 4,960 |
anchore/syft | Generates detailed visibility into software packages and dependencies to manage vulnerabilities and license compliance. | 6,248 |
google/syzkaller | An unsupervised coverage-guided kernel fuzzer | 5,386 |
evilsocket/opensnitch | An interactive application firewall that allows users to filter and manage network connections on GNU/Linux systems. | 10,932 |
brexhq/substation | A toolkit for routing, normalizing, and enriching security event logs across the cloud | 329 |