Server-side sandboxing: Containers and seccomp

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
user-namespaces Security low-code linux-containers linux-namespaces

InfluxDB
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • windmill

    Open-source developer platform to turn scripts into workflows and UIs. Fastest workflow engine (5x vs Airflow). Open-source alternative to Airplane and Retool.

    • If you are looking to self-host a scalable backend that runs arbitrary code in python/typescript/bash/go with sandboxing and nsjail like figma, nsjail is what we use as isolation layer at https://windmill.dev (Open-source alternative to Retool/Airplane)

  • nsjail

    A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.

    • So what's the difference between nsjail[1] and bubblewrap[2]?

    [1] https://github.com/google/nsjail

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • bubblewrap

    Low-level unprivileged sandboxing tool used by Flatpak and similar projects

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts