nsjail
Process isolator
A lightweight process isolation tool for Linux that provides isolated environments for network services and local processes.
A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
3k stars
88 watching
276 forks
Language: C++
last commit: 2 months ago
Linked from 1 awesome list
chroot, linux, linux-namespaces, process-isolation, seccomp-bpf-policies, security
Related projects:
Repository | Description | Stars |
---|---|---|
netblue30/firejail | A security tool designed to restrict the environment of potentially untrusted applications on Linux systems. | 5,855 |
google/gvisor | An application kernel that provides isolation between running applications and the host operating system | 15,931 |
shamedgh/confine | Generates Seccomp profiles to reduce Linux kernel vulnerabilities in containers | 62 |
cohdjn/cisecurity | Automates Linux hardening to conform to Center for Internet Security Benchmark standards | 9 |
google/oss-fuzz | An automated testing framework that uses random data to find errors in software | 10,671 |
containers/bubblewrap | Sandboxing tool to provide isolation and security for unprivileged users | 4,010 |
google/sanitizers | Maintains documentation and helper code for a set of sanitizers to detect and prevent common programming errors. | 11,610 |
trimstray/the-practical-linux-hardening-guide | A comprehensive guide to creating secure Linux production systems using industry standards and best practices | 9,956 |
opennhp/opennhp | A Zero Trust protocol that leverages resource-hiding and encryption to safeguard servers and data from attackers | 13,520 |
gchq/cyberchef | A web-based tool for manipulating data through various encoding, encryption, compression, and analysis operations | 29,563 |
dominicbreuker/pspy | A tool to monitor Linux processes without root permissions | 5,005 |
anchore/syft | Generates detailed visibility into software packages and dependencies to manage vulnerabilities and license compliance. | 6,371 |
google/syzkaller | An unsupervised coverage-guided kernel fuzzer | 5,428 |
evilsocket/opensnitch | An interactive application firewall that allows users to filter and manage network connections on GNU/Linux systems. | 11,023 |
brexhq/substation | A toolkit for routing, normalizing, and enriching security event logs across the cloud | 332 |