Overview
Explore practical system call filtering with seccomp in this conference talk. Learn how to protect embedded Linux systems by implementing system call filtering for potentially vulnerable applications. Discover the kernel's seccomp feature and the libseccomp library, which can limit and control the system calls a process makes. Understand how to launch applications as child processes with filters in place, and explore system-level implementation using systemd or isolated execution environments such as LXC containers. Gain insights into stopping compromised applications from performing undesirable actions. This talk builds upon the earlier presentation "Confining Linux Applications with LibSeccomp" from the IoT Security Foundation 8th Annual Conference in October 2022.
Syllabus
Designing to the Worst Case Scenario - Practical System Call Filtering with Seccomp - Simon Goda
Taught by
Linux Foundation