Back to search
Top Contributors
92
commits
85
commits
13
commits
9
commits
7
commits
6
commits
5
commits
4
commits
3
commits
3
commits
A lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container.
Stars
3.7k
Forks
251
Watchers
3.7k
Open Issues
88
Overall repository health assessment
^1.0.10^12.1.0^1.8.3^3.24.1^9.14.0^1.3.2^18^1.7.5^9.14.0^8.10.0^3.6.3^2.31.0^17.16.2^5.1.3^15.12.0^9.1.7^16.2.63.3.3^5.6.3^8.13.092
commits
85
commits
13
commits
9
commits
7
commits
6
commits
5
commits
4
commits
3
commits
3
commits
Add allowMachLookup config for additional macOS XPC services (#204)
d3d27ddView on GitHubAdd seccomp argv0 mode for multicall-binary invocation (#203)
2dc232bView on GitHubAdd tests for rm in allowWrite under denyRead ancestor (issue #171) (#198)
16867c6View on GitHubMerge pull request #170 from carderne/fix-order-allow-read
e4a34feView on GitHubRun full test suite in CI and migrate platform skips to describe.if (#197)
e94c5fdView on GitHubFix enableWeakerNestedSandbox after apply-seccomp namespace changes (#196)
ed5a909View on GitHubMerge pull request #195 from anthropic-experimental/atp/cc-1468-denywrite-unmasks-denyread-regression
bc1ab82View on GitHubSort denyRead paths shallow-first so file masks land after dir tmpfs
7858097View on GitHubDon't let denyWrite unmask a denyRead /dev/null bind; file-deny survives dir-allow
ebf2912View on GitHubDefer bwrap mount point cleanup until concurrent sandboxes finish (#184)
18f2668View on GitHubIsolate seccomp workload in nested PID ns and block io_uring (#183)
7ee4ac6View on GitHub