DockerSlim (docker-slim) - Optimize and secure your Docker containers

  •    Go

DockerSlim minifies and secures Docker containers. Keep doing what you are doing. No need to change anything. Use the base image you want. Use the package manager you want. Don't worry about hand-optimizing your Dockerfile. You shouldn't have to throw away your tools and your workflow to have small container images.

contained.af - A stupid game for learning about containers, capabilities, and syscalls.

  •    Javascript

A game for learning about containers, capabilities, and syscalls. To add a question edit this file: frontend/js/questions.js.

libseccomp - The main libseccomp repository

  •    C

The libseccomp library provides an easy-to-use, platform-independent interface to the Linux kernel's syscall filtering mechanism. The libseccomp API is designed to abstract away the underlying BPF-based syscall filter language and present a more conventional function-call-based filtering interface that should be familiar to, and easily adopted by, application developers. The project mailing list is currently hosted on Google Groups at the URL below; please note that a Google account is not required to subscribe to the mailing list.

go2seccomp - Generate seccomp profiles from go binaries

  •    Go

go2seccomp analyzes compiled Go binaries and generates a seccomp profile that blocks all syscalls except the ones used by the binary. The profile can then be used when running the binary in a container using Docker, rkt, or any runtime that supports seccomp, to further reduce the container's attack surface. This tool aims to make creating seccomp profiles for Go programs easier, and can also help developers see when changes increase or decrease the scope of what their programs can do with relation to syscalls.

disable_sendfile_vbox_linux - Go VirtualBox vboxsf sendfile bug workaround

  •    Go

If you serve static content from a shared folder, you might have run into a vboxsf file corruption bug. This hack disables the sendfile syscall for the Go process, which forces the standard library to fall back to userland buffered IO. in a source file.

go-seccomp-bpf - Go library for installing a seccomp BPF system call filter.

  •    Go

go-seccomp-bpf is a library for Go (golang) for loading a system call filter on Linux 3.17 and later by taking advantage of secure computing mode, also known as seccomp. Seccomp restricts the system calls that a process can invoke. The kernel exposes a large number of system calls that are not used by most processes. By installing a seccomp filter, you can limit the total kernel surface exposed to a process (principle of least privilege). This minimizes the impact of unknown vulnerabilities that might be found in the process.

seccomp-tools - Provide powerful tools for seccomp analysis

  •    Ruby

Provides powerful tools for seccomp analysis. This project is targeted at (but not limited to) analyzing seccomp sandboxes in CTF pwn challenges. Some features might be CTF-specific, but they are still useful for analyzing seccomp in real-world cases.

karn - Seccomp/Apparmor profile generation using entitlements

  •    Go

Karn is an admin-friendly tool for creating OCI-compliant seccomp and AppArmor profiles. Originally proposed here as part of the Linux Container Hardening project. Baseline functionality exists. At this point, all possible filters and rules that you can manually express in seccomp and AppArmor profiles can be created using karn.

seccomp-gen - Docker Secure Computing Profile Generator

  •    Go

This tool lets you pipe the output of strace through it and auto-generates a Docker seccomp profile that whitelists only the syscalls your container needs to run and blacklists everything else. This adds a LOT of security by drastically limiting your attack surface to only what is needed.
