Security tool aimed at providing safe environments
kitzman 790d094b67 WIP added state + pulling docker + now working on FS creation for VMs 2021-12-23 00:38:19 +02:00
src WIP added state + pulling docker + now working on FS creation for VMs 2021-12-23 00:38:19 +02:00
.gitignore first commit 2021-08-30 18:39:41 +03:00
Cargo.toml WIP added state + pulling docker + now working on FS creation for VMs 2021-12-23 00:38:19 +02:00
LICENSE first commit 2021-08-30 18:39:41 +03:00
README.md Updated 'README.md' 2021-09-02 16:02:50 +00:00

README.md

WIP

Synopsis

Moksha is a tool for managing safe, isolated environments in which to run your daily software. It is a work in progress; in the future it will provide:

  • automatic management of filesystems (overlays, encryption)
  • management of seccomp and capabilities
  • containers
  • KVM VMs
  • Xen VMs
  • the ability to revert overlays (in case the filesystem is compromised)
  • the ability to configure each binary (which environment it runs in, with which permissions, network, mounts, xserver, etc.)
  • the ability to script custom config directives (I'm thinking C, Rust, V, Guile)
  • LD_LIBRARY_PATH-based wrapper
  • (possibly) an init (PID 1) wrapper
  • the ability to init the system (e.g. image and overlay repo, Xen options, KVM options, etc.)

The purpose of this tool is to provide a more configurable and customizable setup than Firejail and Qubes OS combined.

Currently, this repo provides only nstool, a tool that lists namespaces and unshares into new ones.