Kali Linux

Lockc : Making Containers More Secure With eBPF And Linux Security Modules (LSM)

lockc is open source sofware for providing MAC (Mandatory Access Control) type of security audit for container workloads.

The main reason why lockc exists is that containers do not contain. Containers are not as secure and isolated as VMs. By default, they expose a lot of information about host OS and provide ways to “break out” from the container. lockc aims to provide more isolation to containers and make them more secure.

The Containers do not contain documentation section explains what we mean by that phrase and what kind of behavior we want to restrict with lockc.

The main technology behind lockc is eBPF – to be more precise, its ability to attach to LSM hooks

Please note that currently lockc is an experimental project, not meant for production environment and without any official binaries or packages to use – currently the only way to use it is building from sources.

See the full documentation here. And the code documentation here.

If you need help or want to talk with contributors, plese come chat with us on #lockc channel on the Rust Cloud Native Discord server.

lockc’s userspace part is licensed under Apache License, version 2.0.

eBPF programs inside lockc/src/bpf directory are licensed under GNU General Public License, version 2.

R K

Recent Posts

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

20 hours ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

22 hours ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

23 hours ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

23 hours ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

23 hours ago

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

2 days ago