A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security. It utilizes Linux namespace subsystem, resource limits, and the seccomp-bpf syscall filters of the Linux kernel.
Features
- Isolate networking services (e.g. web, time, DNS), by isolating them from the rest of the OS
- Host computer security challenges (so-called CTFs)
- Contains invasive syscall-level OS fuzzers
- Offers three distinct operational modes
- Utilizes kafel seccomp-bpf configuration language for flexible syscall policy definitions
- Uses expressive, ProtoBuf-based configuration file
Categories
SecurityLicense
Apache License V2.0Follow nsjail
Other Useful Business Software
Forever Free Full-Stack Observability | Grafana Cloud
Built on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of nsjail!