Show HN: Z-Jail – A 130 KB Linux sandbox-C99 with 7 defense layers and zero deps
Category: security
Tags: sandbox, linux, security, seccomp, c99
Score: 7.3/10 (Innovation: 7, Technical: 8, Documentation: 8, Utility: 6)
Z-Jail is a lightweight Linux sandbox (~130 KB) written in C99 with zero dependencies, implementing seven defense layers including namespaces, pivot_root, seccomp-BPF, and an evidence-based verdict engine. It's interesting for its extreme minimalism compared to alternatives like Firecracker or gVisor, while still providing production-grade isolation for CI pipelines and CTF challenges.
Target audience: security engineers, devops, CTF organizers
Repository: https://github.com/Division-36/Z-Jail/ · C · NOASSERTION · 34 stars
View on Hacker News