seccomp

There are 9 repositories under seccomp topic.

• slimtoolkit / slim

  Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

  apparmorcontainersdockergogolanghacktoberfestminifyminify-imagesseccompseccomp-profilesecurityslim
  Language:Go 18175

• sandstorm-io / sandstorm

  Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.

  capnprotodecentralizedsandstormseccompself-hostedself-hosting
  Language:JavaScript 6636
• Certified-Kubernetes-Security-Specialist

  walidshaari / Certified-Kubernetes-Security-Specialist

  Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

  kubernetes-securitykubernetesckscksskernel-hardeningexam-objectivesos-footprintsecurityseccompapparmorfalcokube-hunterkube-benchtrivypodcertificationpolicymitre-attackpod-security-policyopen-policy-agent
  Language:AGS Script 1918

• david942j / seccomp-tools

  Provide powerful tools for seccomp analysis

  ctfsandboxseccompseccomp-filterseccomp-toolstools
  Language:Ruby 922

• genuinetools / contained.af

  A stupid game for learning about containers, capabilities, and syscalls.

  apparmorcontainersdockergamelinuxopencontainersseccompsecuritysyscalls
  Language:JavaScript 881

• seccomp / libseccomp

  The main libseccomp repository

  bpfseccomplibseccomp
  Language:C 771

• ViktorUJ / cks

  Open-source Platform for learning kubernetes and aws eks and preparation for for Certified Kubernetes exams (CKA ,CKS , CKAD)

  awsckackadcksk8sterraformterragruntapparmorfalcokubernetes-securityseccompeksgvisorkuberneteskubernetes-clusteropakubeadmcertified-kubernetes-security-specialistkubernetes-learninglearn-kubernetes
  Language:HCL 667

• kubernetes-sigs / security-profiles-operator

  The Kubernetes Security Profiles Operator

  kuberneteskubernetes-operatorseccompk8s-sig-nodeseccomp-operatorseccomp-profilessecurity-profilesselinuxapparmor
  Language:C 647

• seccomp / libseccomp-golang

  The libseccomp golang bindings repository

  bpflibseccompseccomp
  Language:Go 251

• moabukar / CKS-Exercises-Certified-Kubernetes-Security-Specialist

  A set of curated exercises to help you prepare for the CKS exam

  kubernetesckssecuritycontainersfalcosecurity-toolsapparmortrivyanchoreopaseccompaudit-lognetworkpoliciessecrets-managementsysdigkube-benchgvisorstatic-analysiscontainerd
  Language:Shell 214

• avilum / secimport

  eBPF Python runtime sandbox with seccomp (Blocks RCE).

  3rd-partybpftracedtraceebpfimportlinuxprofilingpythonrcesandboxseccompsecuritysecurity-toolstracing
  Language:Python 158

• xfernando / go2seccomp

  Generate seccomp profiles from go binaries

  gocontainersseccompsecurity
  Language:Go 135

• proot-me / proot-rs

  Rust implementation of PRoot, a ptrace-based sandbox

  rustsandboxptraceseccompnon-rootlinuxbindingsbindmountcontaineruserspacerootless-containersbinfmtprootproot-rshacktoberfest
  Language:Rust 118

• grantseltzer / karn

  Simplifying Seccomp enforcement in containerized or non-containerized apps

  seccompseccomp-filterkarnsecuritysecurity-toolssecurity-hardeningcontainerscontainer-security
  Language:Go 110

• antitree / syscall2seccomp

  Build custom Docker seccomp profiles for containers by finding syscalls it uses.

  dockerseccompidentify-syscallsdocker-container
  Language:Python 87

• elastic / go-seccomp-bpf

  Go library for installing a seccomp BPF system call filter.

  golangseccompseccomp-bpf-policies
  Language:Go 73

• rust-vmm / seccompiler

  Provides easy-to-use Linux seccomp-bpf jailing.

  seccomp-bpfseccomp
  Language:Rust 61

• orivej / fptrace

  Record process launches and files read and written by each process

  ptracestracedependency-graphseccomp
  Language:Go 56

• bnbdr / ida-bpf-processor

  BPF Processor for IDA Python

  idapython-pluginbpfprocessoridaseccompdisasmdisassembler
  Language:Python 48

• msantos / alcove

  Control plane for system processes

  system-programmingexecforklinux-namespacessignalcapsicumpledgeseccompprctlprocctl
  Language:C 47

• alegrey91 / harpoon

  🔍 Trace syscalls of user-space defined functions, using eBPF

  ebpfebpf-programsgolangseccompsecurity-auditsecurity-toolssyscallssystem-calls
  Language:C 45

• blacktop / seccomp-gen

  Docker Secure Computing Profile Generator

  dockerseccompseccomp-profilegeneratorgolang
  Language:Go 45

• antitree / keyctl-unmask

  Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.

  containerssecurity-toolskubernetesbreakoutkeyctlsyscallsdockerseccompnamespacing
  Language:Go 41

• kinvolk / seccompagent

  agent for handling seccomp descriptors for container runtimes

  kinvolkseccompcontainers
  Language:Go 41
• mint

  mintoolkit / mint

  minT(oolkit): Awesome, secure and production ready containers just the way you need them! Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

  apparmorcontcontainerdcontainersdockerdocker-slimgogolangminifyminify-imagespodmanseccompseccomp-profileslimminimal-container-imagesslimtoolkit
  Language:Go 38

• msantos / prx

  an Erlang library for interacting with Unix processes

  execforklinux-namespacessignalsupervisorsystem-programmingcapsicumpledgeseccompprctlprocctl
  Language:Erlang 35

• giuliocomi / csplogger

  A CSP endpoint to aggregate, correlate and analyze report-uri violations across your infrastructure

  cspinfrastructurereport-uridashboardflaskloggingdockersecurity-toolssecurity-auditseccompapparmorhardened-image
  Language:Python 33

• giuseppe / easyseccomp

  DSL language to write seccomp filters

  containersseccompseccomp-bpfseccomp-filtersecurity
  Language:C 33

• SamratV / Online-Judge

  Online Judge for testing programming ability in C, C++, Java and Python.

  online-judgeseccompjavajsp-servletace-editorjavascriptjquery
  Language:JavaScript 30

• libseccomp-rs / libseccomp-rs

  Rust Language Bindings for the libseccomp Library

  seccomplibseccompcontainerslinux-kernelapi-bindingsrust
  Language:Rust 28

• utoni / potd

  A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.

  honeypotcopenwrtsandboxssh-honeypotseccompcapabilitiescgroups
  Language:C 28

• healeycodes / untrusted-python

  📦 Run untrusted python code on the server

  rlimitseccompuntrusted-codepyseccompsetrlimitsandbox
  Language:TypeScript 26

• kpcyrd / syscallz-rs

  Simple seccomp library for rust

  rustseccompsandbox
  Language:Rust 24

• pjbgf / zaz

  A command line tool to automatically generate seccomp profiles.

  seccompsecuritysecurity-toolsseccomp-toolscontainer-securityseccomp-json
  Language:Go 24

• brynet / file

  A portable version of OpenBSD's privsep/sandboxed file(1) utility

  copenbsdseccomp-filtersandboxutilityprivsepseccompseccomp-bpffilesecurityportablelinuxprivdroppledge
  Language:C 23

• msantos / xmppipe

  stdio over XMPP

  xmppchatbotcapsicumpledgeseccomp
  Language:C 23