Blogpost material: how to use a custom seccomp profile on a managed Kubernetes cluster
Updated Sep 8, 2022 - Shell
My Advanced container deep-dive workshop at DevConf Container Roadshow 2017.
Grsecurity patched Linux, further modified to "containerise" processes automatically. RBAC system has been enhanced to support control of system call filters and namespaces. Currently supports network, IPC and UTS namespaces as well as seccomp filters. Currently x86-64 only. See also https://github.com/dderby/gradm
Flask demo for presentation at Devops NG on Linux container hardening
optrace records output files written by each process and accumulates total written data size
Gradm with added support to control system call filters and network, IPC and UTS namespaces. Currently supports x86-64 only. See also https://github.com/dderby/linux-4.4.6
Automate seccomp filter generation in your CI pipeline
Flask demo for presentation at Devops NG on Linux container hardening
Adding a seccomp filter to source code
Simple Alpine image with auditd, intended to be used in combination with docker-desktop Kubernetes to allow building seccomp profiles with the kubernetes-sigs/security-profiles-operator