Using Seccomp to Limit the Kernel Attack Surface

Explore the seccomp (secure computing) facility for limiting the kernel attack surface in this comprehensive conference talk. Learn how to select permitted system calls and restrict their arguments using BPF programs. Discover applications of seccomp in sandboxing, failure-mode testing, web browsers, and container systems. Delve into the basics of the BPF virtual machine, examine filtering program examples, and explore productivity aids for writing seccomp filters. Gain insights into the history, functionality, and implementation of seccomp, including BPF instructions, system call data handling, and filter program structures. Consider important caveats and limitations when using seccomp for system call filtering. Presented by Michael Kerrisk, renowned author of "The Linux Programming Interface" and maintainer of the Linux man-pages project, this talk provides valuable knowledge for developers and system administrators working with Linux and UNIX systems.

Introduction
History of Seccomp
Seccomp Filtering
Seccomp Filtering History
How Seccomp Works
Berkeley Packet Filter
BPF Virtual Machine
Conditional Jump Instructions
Relative Offsets
The Kernel
System Call Data
Example Load Instruction
Example Conditional Jump
Example Return Statement
Architecture Field
Answer the Filter
Kill the Process
Attacker
Unprivileged User
Example Program
Filter Program Structure
Running the Program
BPA Filter Example
A Word of Warning
LibSetComp
Multiple filters
Two microphones
Contacts
SOC Camera
SOC Glossary
Seccomp Camera