Using Seccomp to Limit the Linux Kernel Attack Surface

Explore the Linux seccomp (Secure Computing) facility in this comprehensive conference talk from NDC Security 2023. Learn how developers can leverage seccomp to restrict the system calls an application can make, enhancing security by preventing exploited code from executing arbitrary system calls. Discover the widespread use of seccomp in various software, including containers (Docker, Podman), web browsers, Firejail, Flatpak, and strace. Gain an introduction to seccomp usage, explore productivity aids for developing seccomp filters, and understand important caveats surrounding its implementation. Delivered by Michael Kerrisk, this hour-long presentation offers valuable insights for developers and security professionals looking to strengthen their Linux-based applications and systems.

Using seccomp to limit the Linux kernel attack service - Michael Kerrisk - NDC Security 2023