seccomp

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

Provide powerful tools for seccomp analysis

A stupid game for learning about containers, capabilities, and syscalls.

The main libseccomp repository

The Kubernetes Security Profiles Operator

vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.

The libseccomp golang bindings repository

A set of curated exercises to help you prepare for the CKS exam

minT(oolkit): Mint awesome, secure and production ready containers just the way you need them! Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

The first open-source eBPF sandbox for Python (macOS/Linux): Secure libraries, block RCE, and enforce precise syscall control. Dive into module & package-level security now.

🔍 Seccomp profiling and function-level tracing tool.

Rust implementation of PRoot, a ptrace-based sandbox

Generate seccomp profiles from go binaries

Simplifying Seccomp enforcement in containerized or non-containerized apps

Build custom Docker seccomp profiles for containers by finding syscalls it uses.

Provides easy-to-use Linux seccomp-bpf jailing.

Go library for installing a seccomp BPF system call filter.

Record process launches and files read and written by each process