Seccomp and eBPF: Understanding Container Security and Kernel Access Control
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Learn about container security hardening through a 32-minute conference talk exploring Secure Computing (seccomp) and eBPF technologies. Discover how to effectively limit container access to shared Linux kernels in Kubernetes environments by implementing the principle of least privilege. Through live demonstrations, explore and compare these two approaches for restricting system calls, file access, binary execution, and external DNS name resolution for containerized processes. Gain practical insights into choosing the most suitable security solution for your specific environment while understanding the fundamental differences between seccomp and eBPF implementations.
Syllabus
Seccomp and eBPF; What’s the Difference? Why Do I Need to Kno... Natalia Reka Ivanko & Duffie Cooley
Taught by
CNCF [Cloud Native Computing Foundation]