YoVDO

Sandboxing a Linux Application

Offered By: NDC Conferences via YouTube

Course Description

Overview

Explore the intricacies of sandboxing Linux applications in this comprehensive conference talk from NDC Security 2022. Delve into the methods of isolating applications from the rest of the Linux system, safely evaluating downloaded code, and understanding how Docker sets up new filesystems. Learn to create your own sandbox using available Linux APIs, gaining insights into how major projects like Chromium and Docker utilize these techniques for system protection and problem-solving. Cover topics including namespaces, user and PID namespaces, file system manipulation, and Seccomp for system protection. Gain practical knowledge through an example application, exploring concepts such as running as root, creating new mount points, and implementing temporary file systems.

Syllabus

Intro
Who am I
Disclaimer
What is a Sandbox
Why use a Sandbox
Application expectations
Setting up a sandbox
Example application
namespaces
user namespace
mappings
running as root
making a new file system
making a new mount point
making a temporary file system
proc file system
new proc namespace
pid namespace
Create new namespace
CLONE_NEWNET
Build the application
Protect the system
Seccomp
Seccomp Program
libseccomp
argument checks
compare strings


Taught by

NDC Conferences
