eBPF-based Networking, Security, and Observability

Application Kernel for Containers

syzkaller is an unsupervised coverage-guided kernel fuzzer

The Go kernel for Jupyter notebooks and nteract.

eBPF-based Security Observability and Runtime Enforcement

A fully Go userland with Linux bootloaders! u-root can create a one-binary root file system (initramfs) containing a busybox-like set of tools written in Go.

A Go unikernel running on x86 bare metal

Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).

procfs provides functions to retrieve system, kernel and process metrics from the pseudo-filesystem proc.

The hypervisor-based container runtime for Kubernetes.

A tool for gathering and visualizing kernel scheduling traces on Linux machines

Framework for running BPF programs with rules on Linux as a daemon. Container aware.

High Performance ServiceMesh Data Plane Based on Programmable Kernel

BTFhub, in collaboration with the BTFhub Archive repository, supplies BTF files for all published kernels that lack native support for embedded BTF. This joint effort ensures that even kernels without built-in BTF support can effectively leverage the benefits of eBPF programs, promoting compatibility across various kernel versions.

📺 Automatically capture all potentially useful information about each executed command (as well as its output) and get powerful querying mechanism

Linux Process Discovery. C Library, Go bindings, Runtime.

KVM based tiny x86 hypervisor written in pure golang, which can boot Linux

FaaS platform for running raw Go functions.

SystemBoot is a LinuxBoot distribution that works as a system firmware + bootloader, based on u-root

Tools to let a u-root instance boot signed live distro images over the web