-
nsjail
A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
-
nsjail
(fork for judge system sandboxing; see the following website for documentation) A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with the help of the Kafel BPF language) (by NeoHOJ)
I forked this project long ago and built an online judge utilizing its BPF integration to filter out unwanted syscalls. I implemented the time/mem usage reporting, and it has improved my knowledge of modern Linux kernels.
There were some rough edges back then, but it had been my go-to tool to run user-provided code in isolation.
https://github.com/NeoHOJ/nsjail