4 个仓库
Configuration of OS-level user and group identities for child processes to ensure system security and permissions.
Distinct from User Identity Management: Shortlist candidates focus on Git identity or generic user management; this is about OS-level process UID/GID isolation.
Explore 4 awesome GitHub repositories matching operating systems & systems programming · Process User Isolation. Refine with filters or upvote what's useful.
cc-connect is an AI agent messaging bridge and session manager that connects local AI coding agents to third-party messaging platforms. It acts as a multimodal AI chat relay and a OneBot protocol gateway, allowing users to control local AI agents remotely via a variety of chat interfaces. The project distinguishes itself by providing a remote AI agent controller that enables the management of agents through slash commands and a web management dashboard. It supports multi-tenant project orchestration and session-based context isolation, ensuring that independent conversation threads are mainta
Spawns agent processes under specific Unix user identities to enforce filesystem and permission boundaries.
RoadRunner is a high-performance application server and process manager designed to serve PHP applications using a persistent worker model. It eliminates bootload overhead and initialization time by keeping application processes alive between requests, acting as a protocol-agnostic proxy that routes traffic to a pool of supervised workers. The server is built with a plugin-based modular architecture, allowing it to be extended with custom Go plugins and compiled into tailored binaries. It distinguishes itself by providing a unified execution model for a wide array of communication protocols,
Starts worker processes under a designated Linux user identity to enforce correct system permissions and isolation.
Bubblewrap 是一个用于 Linux 的非特权沙盒执行实用程序,将进程与宿主系统隔离。它通过利用 Linux 命名空间来分离系统资源(包括网络、PID 和 IPC 栈)来创建安全环境。 该项目以支持在宿主机上无需 root 权限即可执行不受信任的软件而脱颖而出。它通过禁用 setuid 二进制文件的执行来防止权限提升,并使用用户身份映射将进程权限与宿主操作系统隔离。 该工具管理一个全面的安全表面,包括用于限制目录可见性和只读权限的文件系统访问控制。它还通过 seccomp 系统调用过滤进一步减少了内核攻击面。
Redefines user and group identities to isolate process permissions from the host operating system.
gosu 是一个基于 Go 的用户身份切换器和进程包装器,旨在以特定用户和组身份执行命令。它作为一个轻量级二进制文件,用于切换用户身份并在执行目标进程之前转发信号。 该工具专注于 Docker 容器中的容器入口点优化和用户管理。它支持以非 root 用户身份执行进程,同时确保操作系统信号到达子进程,并将目标命令建立为主要进程。 该工具管理 Linux 进程身份切换和特权进程执行。它利用系统调用进行身份切换,并提供标准流继承以将目标进程连接到现有的输入和输出流。
Starts commands under designated user and group identities to ensure OS-level process isolation.