| | libseccomp | capsicum-linux |
|---|---|---|
| Mentions | 3 | 1 |
| Stars | 771 | 204 |
| Growth | 1.3% | - |
| Activity | 4.6 | 10.0 |
| Last commit | 20 days ago | almost 4 years ago |
| Language | C | C |
| License | GNU Lesser General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
libseccomp
-
Linux Security - Secure Computing Mode (seccomp)
We can configure seccomp using libseccomp (https://github.com/seccomp/libseccomp), the prctl (https://man7.org/linux/man-pages/man2/prctl.2.html) system call and/or the seccomp syscall (https://man7.org/linux/man-pages/man2/seccomp.2.html) and/or other CLI tools (like https://github.com/david942j/seccomp-tools).
-
Show HN: Porting OpenBSD Pledge() to Linux
Very nice! I'm a fan of OpenBSD and pledge(). I've had some success on Linux with libseccomp[0] which means you don't have to deal with BPF directly, but pledge() is obviously much much easier.
0. https://github.com/seccomp/libseccomp
-
Zoom zero-day discovery makes calls safer, hackers $200k richer
Yeah the idea of wrangling raw BPF is a bit daunting. Just FYI, libseccomp (https://github.com/seccomp/libseccomp) exists to abstract away all the BPF stuff. It even comes prepackaged by the major distros (ex https://packages.debian.org/sid/libseccomp2) so you don't even have to compile it yourself.
capsicum-linux
-
Show HN: Porting OpenBSD Pledge() to Linux
Unfortunately the Linux port was never incorporated and is apparently now abandoned: https://github.com/google/capsicum-linux
What are some alternatives?
tracee - Linux Runtime Security and Forensics using eBPF
seccomp-scopes - Make Linux computing safe
capstone - Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings. [Moved to: https://github.com/capstone-engine/capstone]
misc - miscellaneous scripts and small programs
libbpf - Automated upstream mirror for libbpf stand-alone build.
Lean and Mean Docker containers - Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
cosmopolitan - build-once run-anywhere c library
firejail - Linux namespaces and seccomp-bpf sandbox