Loading…
Edinburgh, Scotland, UK
October 21 & October 25 | Co-Located Events, Tutorials, & Workshops
October 22-24 | Conference
Find out more information for Open Source Summit + Embedded Linux Conference & OpenIoT Summit Europe 2018

Please note that you can view and download presentations on the Open Source Summit and Embedded Linux Conference + OpenIoT Summit slides pages. 
View analytic
Monday, October 22 • 14:15 - 14:55
Using Seccomp to Limit the Kernel Attack Surface - Michael Kerrisk, man7.org Training and Consulting

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
The seccomp (secure computing) facility is a means to select exactly which system calls a program is permitted to make and to restrict the arguments that may be passed to those system calls. System call filtering is achieved by writing BPF programs--programs written for a small in-kernel virtual machine that is able to examine system call numbers and arguments. Seccomp applications include sandboxing and failure-mode testing, and seccomp is by now used in a number of web browsers, container systems, and elsewhere. After outlining the basics of the BPF virtual machine, we look at some examples of filtering programs that restrict the set of permitted system calls, consider some productivity aids for seccomp writing filters, and note also some caveats to with respect to the use of seccomp.

Speakers
avatar for Michael Kerrisk

Michael Kerrisk

Trainer/consultant, man7.org Training and Consulting
Michael Kerrisk is the author of the acclaimed book, "The Linux Programming Interface" (http://man7.org/tlpi/), a guide and reference for system programming on Linux and UNIX. He contributes to the Linux kernel primarily via documentation, review, and testing of new kernel-user-space... Read More →



Monday October 22, 2018 14:15 - 14:55
Lennox 3, Level -2

Attendees (219)