A lightweight sandboxing utility designed for runtime process isolation using Docker. This tool allows you to extract a running process by its PID, encapsulate it in a Docker container, and apply a custom Seccomp profile to restrict its system calls—effectively removing it from the host system while maintaining controlled execution.
⚙️ Built With: Python · Docker · Seccomp
- ✅ Containerizes a live process by PID
- ✅ Isolates the process from the host system
- ✅ Applies a custom Seccomp profile for syscall filtering
- ✅ Supports custom executables with minimal configuration
- ✅ Simple and extensible Python codebase
- Accepts a PID of a running process.
- Gathers the required file or script associated with that process.
- If
flagged_file.pyis not found, it needs to be copied fromflagged_file.txt. - Launches a Docker container, isolates the process inside it.
- Applies a Seccomp profile to restrict dangerous or unneeded system calls.
✅ Prerequisite: Ensure Docker is installed and running on your system.
git clone https://github.com/yourusername/sandboxing-tool.git
cd sandboxing-tool- If it's not already present, the tool will automatically generate flagged_file.py from flagged_file.txt.
Or create it manually:
cp flagged_file.txt flagged_file.py- Make a new python virtual environment and then install psutil
pip install psutilpython sandbox_launcher.py-
You can sandbox other types of executables by doing the following:
-
Replace flagged_file.py with your desired file.
-
Modify sandbox_launcher.py accordingly to reference the new filename and update Docker command if needed.
-
Run the tool as usual.
-
-
This project leverages:
-
🐳 Docker containerization for runtime isolation
-
🔒 Seccomp syscall filtering for fine-grained control over allowed operations
-
-
To further tighten security, review and customize the seccomp_profile.json according to your specific requirements.