Automated Seccomp policy generation for docker images
-
Updated
Sep 4, 2017 - Roff
Automated Seccomp policy generation for docker images
How to use the new Security Profiles Operator
[WIP] Testing Seccomp profile with Docker.
Blogpost material: how to use a custom seccomp profile on a managed Kubernetes cluster
Sandbox for multi-process applications for unprivileged users on Linux
Experiments with unshare
Grsecurity patched Linux, further modified to "containerise" processes automatically. RBAC system has been enhanced to support control of system call filters and namespaces. Currently supports network, IPC and UTS namespaces as well as seccomp filters. Currently x86-64 only. See also https://github.com/dderby/gradm
CLI programs sandboxing solution for GNU/Linux, used in Overtest LMS
🥷 seccomp-based anti-TTY-hijacking proof-of-concept (prevents TIOCSTI and TIOCLINUX)
My 'Advanced container deep-dive workshop at DevConf Container Roadshow 2017.
Add a description, image, and links to the seccomp topic page so that developers can more easily learn about it.
To associate your repository with the seccomp topic, visit your repo's landing page and select "manage topics."