I built kprotect because I wanted a way to protect my sensitive files (SSH keys, env files) that went beyond just standard Linux permissions. Even if a process is running as root, it shouldn't be able to read my secrets unless it’s part of a trusted execution chain.

How it works: It uses BPF LSM (Linux Security Modules) to intercept file access at the kernel level. Instead of just checking the PID or the binary name, it looks at the entire lineage (the "Chain of Trust"). For example, cat is only allowed to read my SSH keys if the parent process is my-terminal and the grandparent is vscodium.

Key Tech:

Backend: Rust + Aya (for the eBPF bits).

Frontend: Tauri + React for the dashboard.

Security: Logs and configs are AES-encrypted to prevent tampering.

It’s currently in beta (0.1.0). It requires a kernel (5.10+) with BPF LSM enabled. I'd love to hear feedback on the "Chain of Trust" logic—specifically if anyone sees edge cases in how I'm verifying the process ancestors. GitHub: https://github.com/khoinp1012/kprotect