Container security fundamentals part 6: seccomp
Datadog Security Labs securitylabs.datadoghq.com
Throughout this series, we've covered various layers of security that can isolate containers not only from other processes on the host but also from their underlying host. In this post, we'll discuss how seccomp filters are used as a "last line of defense" by container runtimes.
Syscalls and seccomp overview
Seccomp filters are a way of restricting which Linux syscalls a process can perform. Syscalls are essentially the interface between userspace programs and the Linux kernel. Whenever a program …