Overview
Explore the intricacies of Seccomp (secure computing) in this comprehensive 52-minute conference talk by Michael Kerrisk at NDC Conferences. Dive deep into the Linux kernel's system call filtering mechanism, understanding how to limit and control program interactions with the kernel. Learn about the BPF virtual machine, its role in examining system call numbers and arguments, and how to write effective filter programs. Discover practical examples of restricting permitted system calls, productivity aids for BPF filter creation, and important considerations for implementation. Gain valuable insights into this widely-used tool employed by Docker, LXC, web browsers, systemd, Flatpak, and Firejail. From Seccomp's history and filter modes to BPF instructions and system call conventions, acquire a solid foundation in enhancing Linux system security through precise system call management.
Syllabus
Intro
What is Seccomp
System calls
Seccomp history
Filter mode
System call limitation
Seccomp
Seccomp Filtering
BPF
Virtual Machine
Conditional Jump Instructions
Relative Offsets
System Call Structure
BPF Statement
BPF Jump
BPF Return
ADD
Architecture
System Call Numbers
System Call Conventions
Filter Program
Example
Performance Cost
Which System Calls Does My Application Make
What About That
System Call Filtering
libseccomp
Seccomp Context
BPF Compiler
JIT Compiler
Applications
Further Information
Questions
Taught by
NDC Conferences