seccomp-bpf-policies

A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.

Go library for installing a seccomp BPF system call filter.

🔒 download, verify & run torbrowser in a sandbox

Merged to firejail; Find syscalls of executables for seccomp-bpf sandbox policies.