Categories

Miroslav Franc: Linux's SECCOMP, its usecases and problems

Published: 10 June 2024
on channel: SUSE Labs
112
5

SECCOMP, short for SECure COMPuting, is a part of Linux kernel that allows restricting, logging or otherwise reacting to systemcalls or systemcall arguments a userspace process can invoke. The talk offers a brief introduction to SECCOMP API and its history. Further I will focus on how SECCOMP is currently used (sandboxing) and some of its current limitations. As a bonus, I will briefly talk about debugging SECCOMP enabled process with Valgrind.

Watch video Miroslav Franc: Linux's SECCOMP, its usecases and problems online, duration hours minute second in high quality that is uploaded to the channel SUSE Labs 10 June 2024. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 112 times and liked it 5 visitors.

play_arrow
3,524
92

Photographing Yosemite National Park | Springtime Nature Photography 4K

Photographing Yosemite National Park | Springtime Nature Photography 4K
play_arrow
12,346
483

Its extreme hate speech, comrade Brinda Karat on PM Modi

Its extreme hate speech, comrade Brinda Karat on PM Modi
play_arrow
8,902
429

Forest Access, Dealing With Wet Clothing and Kit, Tarp Lines at Head Height |

Forest Access, Dealing With Wet Clothing and Kit, Tarp Lines at Head Height |

play_arrow
5,264
197

Eggy eats an egg

Eggy eats an egg
play_arrow
127
6

Autoscape| BEST RSPS SO FAR | MASSIVE GIVEAWAY !!!

Autoscape| BEST RSPS SO FAR | MASSIVE GIVEAWAY !!!
play_arrow
391
4

QUAKE 3 ARENA #8 NEMESIS vs Daemia (nightmare)

QUAKE 3 ARENA #8 NEMESIS vs Daemia (nightmare)
play_arrow
316
1

Vektörel Dalga Asma Tavan Sistem -Troyaline / Metal / TACER

Vektörel Dalga Asma Tavan Sistem -Troyaline / Metal / TACER
play_arrow
6,376
143

Better use that torch - guren edit

Better use that torch - guren edit
Related
play_arrow
Richard Biener: Compute offloading to your GPU with GCC and OpenMP

Richard Biener: Compute offloading to your GPU with GCC and OpenMP
play_arrow
Christian Goll: Warewulf - making cluster installations fast and reliable

Christian Goll: Warewulf - making cluster installations fast and reliable
play_arrow
Arne Wolf & Dario Faggioli: SAP HANA on KVM @ SUSE

Arne Wolf & Dario Faggioli: SAP HANA on KVM @ SUSE
play_arrow
David Mulder: Bridging Worlds: Linux and Azure AD

David Mulder: Bridging Worlds: Linux and Azure AD
play_arrow
Ondrej Holecek: SUSE Manager 5: A containerization story

Ondrej Holecek: SUSE Manager 5: A containerization story
play_arrow
Thorsten Kukuk: Update from the Future Technology Team

Thorsten Kukuk: Update from the Future Technology Team
play_arrow
Ignaz Forster: State of transactional-update: soft-reboots and less overlays

Ignaz Forster: State of transactional-update: soft-reboots and less overlays
play_arrow
Jan Kara: Recent page cache and VFS changes

Jan Kara: Recent page cache and VFS changes
play_arrow
Martin Jambor, Jan Hubicka: Optimizing C++ std::vector use in GCC 14

Martin Jambor, Jan Hubicka: Optimizing C++ std::vector use in GCC 14
play_arrow
Valentin Lefebvre: Securitized the initramfs and the UKI

Valentin Lefebvre: Securitized the initramfs and the UKI
play_arrow
Luna Dragon: Deep dive into Cockpit

Luna Dragon: Deep dive into Cockpit
play_arrow
Coly Li: What is bcachefs - outside and inside introduction

Coly Li: What is bcachefs - outside and inside introduction
play_arrow
Daniel Garcia: rpmlint GSoC experience

Daniel Garcia: rpmlint GSoC experience
play_arrow
Alberto Planas Dominguez: Current state of Full Disk Encryption in openSUSE

Alberto Planas Dominguez: Current state of Full Disk Encryption in openSUSE
play_arrow
Jiri Wiesner: Measuring latency with ftrace

Jiri Wiesner: Measuring latency with ftrace
play_arrow
Miroslav Franc: Linux's SECCOMP, its usecases and problems

Miroslav Franc: Linux's SECCOMP, its usecases and problems
play_arrow
Danilo Spinella: rinstall: make install for non-C projects, the modern way

Danilo Spinella: rinstall: make install for non-C projects, the modern way
play_arrow
Ludwig Nussel: Systemd-boot status update

Ludwig Nussel: Systemd-boot status update
play_arrow
Johannes Segitz: ALP and SELinux: One year later

Johannes Segitz: ALP and SELinux: One year later
play_arrow
Cyril Hrubis: Particularities of kernel test executor

Cyril Hrubis: Particularities of kernel test executor
play_arrow
Darragh O'Reilly: Server monitoring at SUSE using Velociraptor

Darragh O'Reilly: Server monitoring at SUSE using Velociraptor
play_arrow
Roy Hopkins: Establishing root seeds in a vTPM with COCONUT-SVSM in Confidential VM Remote

Roy Hopkins: Establishing root seeds in a vTPM with COCONUT-SVSM in Confidential VM Remote
play_arrow
Enno Gotthold: Orthos 2 past & future

Enno Gotthold: Orthos 2 past & future
play_arrow
Danilo Spinella: openSUSE packaging compared: is macro the way to go?

Danilo Spinella: openSUSE packaging compared: is macro the way to go?