Loading…
Virtual Event
November 17–November 20, 2020
Learn More and Register to Attend This Event

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2020 - Virtual to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Standard Time (UTC–05:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Friday, November 20 • 4:00pm - 4:35pm
Seccomp: What Can It Do For You? - Justin Cormack, Docker

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.


Seccomp is a system call filtering tool built into Linux. It has been used as a security layer in Docker for coming up to five years, and is working through a long path to become on by default in Kubernetes. We look at what seccomp can usefully do to improve real world security, and how best to use it. This talk also covers a reworking of the widely used Docker default seccomp policy, based on experience of security vulnerabilities in the last five years. Seccomp can both be used as a policy in a runtime, and also directly by applications, so both aspects are covered. The policy has also caused a number of usability issues over the years, so we look at the pitfalls involved in using it as syscalls change over time.

Speakers
avatar for Justin Cormack

Justin Cormack

CTO, Docker
Justin is a senior engineer and security lead at Docker. He is a maintainer of the Notary project, and a member of the CNCF TOC and SIG Security. He has been working in container security for five years.



Friday November 20, 2020 4:00pm - 4:35pm EST
Intrado Virtual Event Platform