Seccomp - What Can It Do For You?
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the capabilities and applications of Seccomp, a system call filtering tool built into Linux, in this 34-minute conference talk by Justin Cormack from Docker. Gain insights into Seccomp's role as a security layer in Docker and its journey towards becoming a default feature in Kubernetes. Learn about the practical benefits of Seccomp for enhancing real-world security and discover best practices for its implementation. Examine the reworking of Docker's default Seccomp policy based on security vulnerabilities encountered over the past five years. Understand how Seccomp can be utilized both as a policy in runtime environments and directly by applications. Delve into the challenges and pitfalls associated with Seccomp usage, particularly as syscalls evolve over time. Analyze case studies of security vulnerabilities and usability issues related to Seccomp implementation.
Syllabus
Intro
Justin Cormack
Secure Computing
In theory
seccomp in practise
In Docker and Kubernetes
Do not use
User namespaces
CVE 2016-3134
CVE 2020-8835
The war on Emacs
Accidentally broke Steam!
Performance
CVE 2018-17182
Don't use it?
Are small blocklists better?
Is it better to push to runtime? 3 Virtual
gVisor
Lambda like?
eBPF LSM
Prediction
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube