Top 16 sandboxing Open-Source Projects
-
loft
Namespace & Virtual Cluster Manager for Kubernetes - Lightweight Virtual Clusters, Self-Service Provisioning for Engineers and 70% Cost Savings with Sleep Mode
-
packj
Packj stops Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
-
sandwine
Command-line tool to run Windows apps with Wine and bwrap/bubblewrap isolation on Linux
Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.
1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.
Project mention: The best WebAssembly runtime may be no runtime at all | news.ycombinator.com | 2023-12-11
https://gvisor.dev/docs/architecture_guide/platforms/ :
> gVisor requires a platform to implement interception of syscalls, basic context switching, and memory mapping functionality. Internally, gVisor uses an abstraction sensibly called Platform.
Chrome sandbox: https://chromium.googlesource.com/chromium/src/+/refs/heads/...
Firefox sandbox: https://wiki.mozilla.org/Security/Sandbox
Chromium sandbox types summary: https://github.com/chromium/chromium/blob/main/docs/linux/sa...
Minijail: https://github.com/google/minijail :
> Minijail is a sandboxing and containment tool used in ChromeOS and Android. It provides an executable that can be used to launch and sandbox other programs, and a library that can be used by code to sandbox itself.
Chrome vulnerability reward amounts: https://bughunters.google.com/about/rules/5745167867576320/c...
Systemd has SystemCallFilter= to limit processes to certain syscalls:
Download the app to your device by using the download option of your choosing from here https://github.com/tobykurien/WebApps
Project mention: Call for Ideas: How to have a 'user container' while logged in with a guest account? | /r/linuxquestions | 2023-05-25
sandboxing related posts
-
Alternative way to access Reddit on phone (a tutorial)
-
Call for Ideas: How to have a 'user container' while logged in with a guest account?
-
A CLI app that sandboxes processes’ file operations
-
GrapheneOS NFC Payment options (Google Pay etc)
-
Running Net Guard or other Firewall on stock Android?
-
Any news of Webapp updated alternative??
-
FOSS Instagram client
-
Index
What are some of the best open-source sandboxing projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | sandboxed-api | 1,644 |
2 | loft | 689 |
3 | cap-std | 622 |
4 | packj | 615 |
5 | xdg-desktop-portal | 525 |
6 | uvm | 503 |
7 | rlbox | 277 |
8 | minijail | 234 |
9 | WebApps | 227 |
10 | Example | 197 |
11 | ego | 111 |
12 | rust-landlock | 79 |
13 | sandwine | 59 |
14 | forkfs | 58 |
15 | apparmor-profiles | 30 |
16 | nix-bubblewrap | 17 |