A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.

Judging daemon for programming contests

Builds, boots and runs linux images on bare metal or inside VMs

Control plane for system processes

Reliably reap, restrict and isolate system tasks: Stdio is a control plane for processes

A GNU/Linux specific toolkit for making and managing jails which are OS level virtualization containers. Implemented using shell scripts with chroot, linux namespaces, pivot_root and embedded into busybox.

Python library to control Linux kernel namespaces

Process isolation for Linux using namespaces, resource limits and seccomp.

[POC] Rootless Containers without `/etc/subuid` and `/etc/subgid`

Generate runlets from containerized Unix processes

Easy Application Sandboxing

haskell library to work with linux namespaces

Sandbox for multi-process applications for unprivileged users on Linux

an Erlang library for interacting with Unix processes

⚠️ OLD EXPERIMENT I used to learn Rust and linux namespaces ⚠️ A port of the excellent process isolation library NsJail to rust with experimental features to decrease the startup latency further

A repository to hold code for security related examples

Jail-shell is a linux security tool mainly using chroot, namespaces technologies, limiting users to perform specific commands, and access sepcific directories.

Simple Container implementation using linux namespaces and cgroups.

Container implementation in go