awesome-repositories.com
المدونة
awesome-repositories.com

اكتشف أفضل مستودعات المصادر المفتوحة باستخدام بحث مدعوم بالذكاء الاصطناعي.

استكشفعمليات بحث منسقةبدائل مفتوحة المصدربرمجيات ذاتية الاستضافةالمدونةخريطة الموقع
المشروعحولكيفية ترتيب النتائجالصحافةخادم MCP
قانونيالخصوصيةالشروط
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

12 مستودعات

Awesome GitHub RepositoriesPrivileged Process Isolation

Mechanisms for executing administrative tasks in isolated, secure processes to minimize system attack surfaces.

Distinguishing note: Focuses on process-level security isolation for administrative tasks, distinct from general-purpose authentication or encryption libraries.

Explore 12 awesome GitHub repositories matching security & cryptography · Privileged Process Isolation. Refine with filters or upvote what's useful.

Awesome Privileged Process Isolation GitHub Repositories

اعثر على أفضل المستودعات باستخدام الذكاء الاصطناعي.سنبحث عن أفضل المستودعات المطابقة باستخدام الذكاء الاصطناعي.
  • chen08209/flclashالصورة الرمزية لـ chen08209

    chen08209/FlClash

    42,627عرض على GitHub↗

    FlClash is a cross-platform proxy client designed to manage network traffic through configurable rules and system-level tunnel integration. It functions as a native system orchestrator, coordinating application lifecycle events and background services across desktop and mobile environments. The application utilizes a modular architecture that enables extensibility through local plugins and foreign function interfaces, allowing for direct interaction with native system libraries. It maintains security by isolating restricted administrative tasks within a privileged helper process, which valida

    Executes restricted administrative tasks in a separate secure process to safely manage system network tunnels and core services.

    Dartclashclash-metaflutter
    عرض على GitHub↗42,627
  • rikkaapps/shizukuالصورة الرمزية لـ RikkaApps

    RikkaApps/Shizuku

    26,413عرض على GitHub↗

    Shizuku is a framework that enables standard mobile applications to interact with restricted system-level interfaces and services. By acting as a bridge between the user space and protected system functions, it allows applications to perform privileged operations that are typically inaccessible due to standard operating system sandbox limitations. The project functions by routing requests through a persistent background service, which facilitates communication with internal system services and remote interfaces. This architecture allows for the execution of system-level tasks and the manageme

    Routes restricted system requests through a high-privilege background process to bypass sandbox limitations.

    Kotlin
    عرض على GitHub↗26,413
  • vonng/ddiaالصورة الرمزية لـ Vonng

    Vonng/ddia

    22,648عرض على GitHub↗

    This project serves as a comprehensive technical reference for the architecture and design of data-intensive applications. It provides a structured analysis of the fundamental principles required to build reliable, scalable, and maintainable software systems, covering the core trade-offs inherent in modern data infrastructure. The repository explores the mechanics of distributed data management, including strategies for replication, partitioning, and achieving consensus across multiple nodes. It details the design of storage engines, indexing techniques, and transaction management models, whi

    Implements process-level security isolation to minimize system attack surfaces and manage authority.

    Pythonbookdatabaseddia
    عرض على GitHub↗22,648
  • opa334/trollstoreالصورة الرمزية لـ opa334

    opa334/TrollStore

    21,573عرض على GitHub↗

    TrollStore is an application installer for iOS that enables the deployment of unsigned software on restricted mobile devices. By bypassing standard code signature verification and security sandbox requirements, it allows users to install and execute applications that originate from outside official distribution channels. The utility functions as an entitlement injection tool, modifying application metadata during installation to grant elevated system permissions. It achieves this by injecting developer certificates into software bundles and utilizing kernel-level modifications to permit the e

    Executes application binaries with elevated system credentials to bypass standard security sandboxes.

    Objective-C
    عرض على GitHub↗21,573
  • qdm12/gluetunالصورة الرمزية لـ qdm12

    qdm12/gluetun

    13,056عرض على GitHub↗

    Gluetun is a containerized network utility designed to route traffic from multiple Docker containers through a secure virtual private network tunnel. It functions as a network gateway that encapsulates outgoing internet traffic to provide privacy and security for isolated application services. The project distinguishes itself by utilizing Linux network namespaces to isolate container traffic, ensuring that all outgoing packets are forced through a dedicated tunnel interface. It supports both OpenVPN and WireGuard protocols, managing the connection lifecycle and routing logic as a sidecar cont

    Executes network configuration tasks in isolated, privileged processes to manage kernel routing tables securely.

    Goalpinecyberghostdns-over-tls
    عرض على GitHub↗13,056
  • benoitc/gunicornالصورة الرمزية لـ benoitc

    benoitc/gunicorn

    10,443عرض على GitHub↗

    Gunicorn is a production-grade WSGI HTTP server designed for deploying Python web applications. It functions as a process manager that utilizes a pre-fork worker model, where a master process initializes the application and spawns multiple child processes to handle incoming requests in parallel. This architecture ensures high performance and stability by isolating application execution within persistent worker processes. The server distinguishes itself through its flexible concurrency models and robust process lifecycle management. It supports interchangeable worker types, including synchrono

    Executes worker processes under specific user and group identities to enforce security and minimize attack surfaces.

    Pythonhttphttp-serverpython
    عرض على GitHub↗10,443
  • powershell/win32-opensshالصورة الرمزية لـ PowerShell

    PowerShell/Win32-OpenSSH

    8,167عرض على GitHub↗

    Win32-OpenSSH is a secure shell suite that provides an OpenSSH port for Windows operating systems. It consists of an SSH server for remote management and authentication, a secure shell client for establishing encrypted connections, and an SFTP server for managing files. The project enables secure remote administration of Windows servers and workstations via a command line interface. It supports encrypted file transfers using SFTP and SCP protocols and allows for cross-platform remote management of Windows systems from Linux or macOS environments. The implementation integrates with Windows se

    Uses a privilege-separated process model to isolate the monitor from unprivileged child processes for increased security.

    csshwindows
    عرض على GitHub↗8,167
  • tianon/gosuالصورة الرمزية لـ tianon

    tianon/gosu

    4,978عرض على GitHub↗

    gosu هو مبدل هوية مستخدم قائم على Go ومغلف عملية مصمم لتنفيذ الأوامر تحت هوية مستخدم ومجموعة محددة. يعمل كملف ثنائي خفيف الوزن لتبديل هويات المستخدم وإعادة توجيه الإشارات قبل تنفيذ عملية مستهدفة. تركز الأداة على تحسين نقطة دخول الحاوية وإدارة المستخدم داخل حاويات Docker. وتتيح تنفيذ العمليات كمستخدمين غير جذريين (non-root) مع ضمان وصول إشارات نظام التشغيل إلى العملية الفرعية وتأسيس الأمر المستهدف كعملية أساسية. تدير الأداة تبديل هوية عملية Linux وتنفيذ العمليات ذات الامتيازات. وتستخدم استدعاءات النظام لتبديل الهوية وتوفر توريث التدفق القياسي لربط العملية المستهدفة بتدفقات الإدخال والإخراج الموجودة.

    Executes binaries with specific user/group credentials while ensuring proper environment variable inheritance.

    Shell
    عرض على GitHub↗4,978
  • trifectatechfoundation/sudo-rsالصورة الرمزية لـ trifectatechfoundation

    trifectatechfoundation/sudo-rs

    4,410عرض على GitHub↗

    sudo-rs هي أداة نظام منخفضة المستوى ومنفذ أوامر مميز مكتوب بلغة Rust. توفر تنفيذاً آمناً للذاكرة لـ sudo وsu لتشغيل البرامج بصلاحيات المستخدم الخارق أو مستخدم بديل وتبديل صلاحيات الجلسة إلى هويات مستخدمين محليين آخرين. يتكامل المشروع مع وحدات أمان النواة ليعمل كمشغل عمليات في بيئة معزولة (sandboxed)، مما يقيد موارد النظام وقدرات العمليات أثناء التنفيذ. تتضمن الأداة دعماً لترجمة النظام متعدد اللغات، باستخدام كتالوجات رسائل مجمعة لتوفير نصوص واجهة مستخدم مترجمة بناءً على لغة النظام.

    Provides mechanisms to spawn new system processes with elevated root-level credentials by altering user and group IDs.

    Rust
    عرض على GitHub↗4,410
  • linuxserver/docker-webtopالصورة الرمزية لـ linuxserver

    linuxserver/docker-webtop

    3,936عرض على GitHub↗

    This project is a containerized Linux desktop streamer that renders a full operating system interface in a web browser using encoded video streams. It allows for remote access to various Linux distributions and serves as a platform for browser-based application hosting. The system supports GPU acceleration via KVM and direct hardware passthrough to enable low-latency graphics rendering and video encoding. It also features volume mapping for home directory persistence, ensuring that user data and portable applications survive environment updates. Additional capabilities include the creation o

    Creates a secure kiosk environment by disabling terminal and sudo access.

    Shellalpinearchdocker
    عرض على GitHub↗3,936
  • jorisvink/koreالصورة الرمزية لـ jorisvink

    jorisvink/kore

    3,825عرض على GitHub↗

    Kore is an event-driven web and WebSocket server framework designed for building high-performance web services and APIs in C or Python. It functions as a secure, concurrent application framework that utilizes non-blocking I/O and isolated worker processes to handle high-concurrency traffic. The project is distinguished by a security-first architecture that features OS-level process sandboxing, privilege separation, and the isolation of private encryption keys into dedicated processes. It enables zero-downtime deployments through dynamic module hot-reloading and provides automated TLS certific

    Isolates private encryption keys into dedicated processes to prevent compromise of the primary worker processes.

    Ccframeworkhigh-performance
    عرض على GitHub↗3,825
  • reisxd/tizentubecobaltالصورة الرمزية لـ reisxd

    reisxd/TizenTubeCobalt

    2,493عرض على GitHub↗

    TizenTubeCobalt is a third-party YouTube client and ad-blocking video player developed for the Tizen operating system. It functions as a Tizen OS application that bridges native C++ functions with JavaScript execution to provide a customized media experience on smart TVs. The application distinguishes itself through advanced content filtering and playback optimizations. It removes video advertisements and uses community-sourced data to automatically skip sponsored segments. Additionally, it includes a video content filter to remove clickbait titles and misleading thumbnails. The project cove

    Utilizes operating system primitives to restrict process privileges and isolate sensitive operations from the main application.

    عرض على GitHub↗2,493
  1. Home
  2. Security & Cryptography
  3. Privileged Process Isolation

استكشف الوسوم الفرعية

  • Key Isolation ProcessesProcesses specifically designed to isolate cryptographic keys from the main application logic. **Distinct from Privileged Process Isolation:** Distinct from Privileged Process Isolation: focuses specifically on isolating encryption keys rather than general administrative tasks.
  • Kiosk Environment IsolationRestricting shell access and administrative privileges to create a locked-down user environment. **Distinct from Privileged Process Isolation:** Specifically creates a kiosk by disabling terminals and sudo, rather than just isolating administrative processes.
  • Privileged Process SpawnersMechanisms for executing application binaries with root-level credentials to bypass sandboxing. **Distinct from Privileged Process Isolation:** Distinct from privileged process isolation: focuses on spawning processes with elevated credentials rather than just isolating them.