Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Seccomp - What Can It Do For You?

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the capabilities and applications of Seccomp, a system call filtering tool built into Linux, in this 34-minute conference talk by Justin Cormack from Docker. Gain insights into Seccomp's role as a security layer in Docker and its journey towards becoming a default feature in Kubernetes. Learn about the practical benefits of Seccomp for enhancing real-world security and discover best practices for its implementation. Examine the reworking of Docker's default Seccomp policy based on security vulnerabilities encountered over the past five years. Understand how Seccomp can be utilized both as a policy in runtime environments and directly by applications. Delve into the challenges and pitfalls associated with Seccomp usage, particularly as syscalls evolve over time. Analyze case studies of security vulnerabilities and usability issues related to Seccomp implementation.

Syllabus

Intro
Justin Cormack
Secure Computing
In theory
seccomp in practise
In Docker and Kubernetes
Do not use
User namespaces
CVE 2016-3134
CVE 2020-8835
The war on Emacs
Accidentally broke Steam!
Performance
CVE 2018-17182
Don't use it?
Are small blocklists better?
Is it better to push to runtime? 3 Virtual
gVisor
Lambda like?
eBPF LSM
Prediction

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of Seccomp - What Can It Do For You?

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.