fence
« Back to VersTracker
Description:
Lightweight sandbox for commands with network and filesystem restrictions
Type: Formula  |  Tracked Since: Jan 26, 2026
Links: Homepage  |  GitHub  |  formulae.brew.sh
Stars: 194  |  Forks: 3  |  Language: Go  |  Category: Security
Tags: sandbox security go isolation cli
Install: brew install fence
About:
Fence is a lightweight sandboxing tool written in Go that isolates command execution by restricting network access and filesystem operations. It provides a simple way to run untrusted commands or scripts in a controlled environment, minimizing potential damage from malicious or buggy code. Its main value is offering easy-to-use, command-level containment without the complexity of full virtual machines or containers.
Key Features:
  • Network access restriction (block inbound/outbound traffic)
  • Filesystem access control (allow/deny specific paths)
  • Lightweight process isolation via Linux namespaces and seccomp-bpf
  • Simple command-line interface for quick sandboxing
  • Written in Go for portability and single-binary deployment
Use Cases:
  • Safely running untrusted scripts or binaries from external sources
  • Isolating build or test processes to prevent accidental system modifications
  • Creating a restricted environment for educational or demo purposes
Alternatives:
  • firejail – More feature-rich and complex sandbox with GUI support, whereas fence is minimalist and CLI-focused.
  • bubblewrap – Lower-level sandboxing tool often used by Flatpak; fence provides a more user-friendly command wrapper.
  • docker – Full containerization solution; fence is a much lighter alternative for simple command isolation.
Version History
Detected Version Rev Change Commit
Jan 26, 2026 9:57pm 0 META 26e6b474