lockc

lockc is open source sofware for providing MAC (Mandatory Access Control) type of security audit for container workloads.

The main technology behind lockc is eBPF - to be more precise, its ability to attach to LSM hooks

License for eBPF programs: GPLv2

License for userspace part: Apache-2.0

Please note that currently lockc is an experimental project, not meant for production environment and without any official binaries or packages to use - currently the only way to use it is building from sources.