LinuxCommandLibrary

boxxy

Package applications into containers

TLDR

Run a program with file redirections defined in ~/.config/boxxy/boxxy.yaml

$ boxxy [program]
copy

Scan your home directory for rule suggestions
$ boxxy scan
copy

Trace what files a program touches and save a report in boxxy-report.txt in the current directory
$ boxxy [[-t|--trace]] [program]
copy

Pass a redirection rule directly on the terminal
$ boxxy [[-r|--rule]] [path/to/file_or_directory]:[path/to/redirection]:[file|directory] [program]
copy

View the config file
$ boxxy config
copy

Display help
$ boxxy -h
copy

SYNOPSIS

boxxy [options] <command> [<args>...]

PARAMETERS

-h, --help
    Show help message and exit

-v, --version
    Print version information

-q, --quiet
    Suppress non-error output

-l, --log-level LEVEL
    Set logging verbosity (error, warn, info, debug)

-p, --pid PID
    Trace existing process by PID

-c, --command COMMAND
    Trace processes matching command name

-o, --output FORMAT
    Output format: text, json, compact, tree, flame

--output-file FILE
    Write output to file instead of stdout

--latency
    Include syscall latency histograms

--flamegraph
    Generate flame graph data

--filter EXPR
    BPF filter expression for syscalls

--namespace NS
    Filter by network/mount/etc. namespace

DESCRIPTION

Boxxy is a high-performance Linux tracing tool that uses eBPF to intercept and visualize syscalls made by command-line applications. Developed by Shopify as a modern successor to strace(1), it offers superior speed, lower overhead, and richer features like process trees, flame graphs, latency histograms, and scriptable output formats. Unlike ptrace-based tracers, Boxxy attaches transparently via LD_PRELOAD or eBPF programs, enabling real-time debugging without slowing down traced processes significantly.

It excels in analyzing complex CLI workflows, identifying bottlenecks, I/O patterns, and resource usage. Supports filtering by syscall name, pid, or argument values, with output in text, JSON, or graphical formats. Ideal for developers, sysadmins, and performance engineers working on Linux systems with modern kernels (4.18+). Boxxy requires CAP_SYS_ADMIN privileges or root for full eBPF functionality.

CAVEATS

Requires Linux kernel 4.18+ with eBPF support; needs root or CAP_SYS_ADMIN/CAP_BPF. Not compatible with all environments (e.g., containers without privileges). High trace volume can overwhelm output in verbose modes.

INSTALLATION

Via Cargo: cargo install boxxy; or prebuilt binaries from GitHub releases.

EXAMPLE

boxxy -o tree curl https://example.com — traces curl with process tree view.

HISTORY

Developed by Shopify engineers starting in 2022 as an open-source eBPF tracer. Initial release v0.1.0 in early 2023; rapidly evolved with community contributions. Focuses on replacing legacy tools with eBPF for production-scale tracing.

SEE ALSO

strace(1), bpftrace(8), bpftool(8), perf(1)

Copied to clipboard