awesome-cosmopolitan
minijail
awesome-cosmopolitan | minijail | |
---|---|---|
7 | 1 | |
278 | 234 | |
- | 3.4% | |
2.0 | 7.9 | |
11 months ago | 16 days ago | |
C | ||
- | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
awesome-cosmopolitan
-
The best WebAssembly runtime may be no runtime at all
For WASM, that's what WASI is all about, yes?
And for Cosmopolitan Libc, there's documented Functions:
https://justine.lol/cosmopolitan/functions.html
And if you want to see things beyond a trivial hello world, you can check out some examples:
https://github.com/shmup/awesome-cosmopolitan
https://github.com/burggraf/awesome-cosmo
Or you can see a pretty big list of pre-compiled Actually Portable Executables here:
https://cosmo.zip/pub/cosmos/bin/
-
Is there a standardportable C library ?
Love Cosmo. It has a bunch of nice features that you'll miss when working with anything else. Anyone who's interested should check out the awesome-cosmopolitan repo for Cosmo-based projects.
-
Kb executable runs natively on 7 operating systems
There's so much great stuff going on in the cosmoverse that it's hard to keep track of it all! We recently started https://github.com/shmup/awesome-cosmopolitan for that reason.
- Cosmopolitan: List of Cosmopolitan Libc related resources and projects
- Porting GHC to Cosmopolitan libc
- Show HN: Awesome Cosmopolitan
-
Cosmopolitan v2.0
If you're here and maybe learning about this space for the first time (or not), you might like to scan:
https://github.com/shmup/awesome-cosmopolitan
minijail
-
The best WebAssembly runtime may be no runtime at all
https://gvisor.dev/docs/architecture_guide/platforms/ :
> gVisor requires a platform to implement interception of syscalls, basic context switching, and memory mapping functionality. Internally, gVisor uses an abstraction sensibly called Platform.
Chrome sandbox: https://chromium.googlesource.com/chromium/src/+/refs/heads/...
Firefox sandbox: https://wiki.mozilla.org/Security/Sandbox
Chromium sandbox types summary: https://github.com/chromium/chromium/blob/main/docs/linux/sa...
Minijail: https://github.com/google/minijail :
> Minijail is a sandboxing and containment tool used in ChromeOS and Android. It provides an executable that can be used to launch and sandbox other programs, and a library that can be used by code to sandbox itself.
Chrome vulnerability reward amounts: https://bughunters.google.com/about/rules/5745167867576320/c...
Systemd has SystemCallFilter= to limit processes to certain syscall:
What are some alternatives?
esperanto - build-once run-anywhere OCaml programs
lfi - Lightweight Fault Isolation (LFI): Practical, Efficient, and Secure Software Sandboxing
zsh - Zsh patched to support Actually Portable Executables git://git.code.sf.net/p/zsh/code (upstream pending)
awesome-cosmo
cosmogfx - Build-once run-anywhere OpenGL application
landlock-make - Sandboxing for GNU Make has never been easier
quine-relay - An uroboros program with 100+ programming languages
cosmopolitan - build-once run-anywhere c library
hn-search - Hacker News Search
go - The Go programming language
zsh - Mirror of the Z shell source code repository.