A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
APACHE-2.0 License
Create and manage chroot/jail environments
Minimal, bento-box style Ubuntu-based WSL distro; ideal for targeting Linux-style NodeJs and CMak...
ebpfkit is a rootkit powered by eBPF
Start Linux programs with only selected syscalls enabled (libseccomp-based)
My own personal tech cheatsheet. This covers the stuff I use quite regularly.
Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.
Manage your application processes in production hassle-free like Heroku CLI with Procfile and Sys...
Start programs inside unshare/lxc namespaces easily using UNIX sockets + easy access to capabilit...
The systemd System and Service Manager