Server-side sandboxing: Containers and seccomp

CodeRabbit: AI Code Reviews for Developers

Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

coderabbit.ai

featured

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

featured

windmill

1 91 12,551 10.0 HTML

Open-source developer platform to power your entire infra and turn scripts into webhooks, workflows and UIs. Fastest workflow engine (13x vs Airflow). Open-source alternative to Retool and Temporal.

If you are looking to self-host a scalable backend that runs arbitrary code in python/typescript/bash/go with sandboxing and nsjail like figma, nsjail is what we use as isolation layer at https://windmill.dev (Open-source alternative to Retool/Airplane)
CodeRabbit

coderabbit.ai featured

CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
nsjail

2 7 3,159 5.7 C++

A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.

So what's the difference between nsjail[1] and bubblewrap[2]?
[1] https://github.com/google/nsjail
bubblewrap

3 79 4,189 7.6 C

Low-level unprivileged sandboxing tool used by Flatpak and similar projects

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Nsjail: A light-weight process isolation tool for Linux

4 projects | news.ycombinator.com | 4 Feb 2025
Firejail: Light, featureful and zero-dependency security sandbox for Linux

6 projects | news.ycombinator.com | 11 Jul 2023
Bubblewrap: Unprivileged Sandboxing Tool for Linux

6 projects | news.ycombinator.com | 27 Mar 2022
cap-std: Capability-oriented version of the Rust standard library

3 projects | /r/rust | 13 Apr 2021
How to run GUI applications directly in containers

5 projects | news.ycombinator.com | 27 Feb 2025

Server-side sandboxing: Containers and seccomp

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
hardware-buttons scrape-images linkedin-bot
Post date: 24 Oct 2023

windmill

CodeRabbit

nsjail

bubblewrap

Related posts

Nsjail: A light-weight process isolation tool for Linux

Firejail: Light, featureful and zero-dependency security sandbox for Linux

Bubblewrap: Unprivileged Sandboxing Tool for Linux

cap-std: Capability-oriented version of the Rust standard library

How to run GUI applications directly in containers

Did you know that C is
the 6th most popular programming language
based on number of references?

Server-side sandboxing: Containers and seccomp

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com hardware-buttons scrape-images linkedin-bot Post date: 24 Oct 2023

windmill

CodeRabbit

nsjail

bubblewrap

Related posts

Nsjail: A light-weight process isolation tool for Linux

Firejail: Light, featureful and zero-dependency security sandbox for Linux

Bubblewrap: Unprivileged Sandboxing Tool for Linux

cap-std: Capability-oriented version of the Rust standard library

How to run GUI applications directly in containers

Did you know that C is the 6th most popular programming language based on number of references?

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
hardware-buttons scrape-images linkedin-bot
Post date: 24 Oct 2023

Did you know that C is
the 6th most popular programming language
based on number of references?