DevConf.CZ 2020 has ended
Saturday, January 25 • 5:00pm - 5:25pm
Generate seccomp profiles for containers using bpf

Podman is an open-source CLI tool for working with containers, pods and container images. It uses a kernel feature called seccomp to filter syscalls made by the processes inside the container. This allows Podman to reduce the attack surface of the kernel which is exposed to the container.
Currently, everybody ships the same basic seccomp profile. This tool allows us to generate seccomp rules based on what the container actually requires, and to lock down the container by reducing the kernel attack surface exposed to it.
This summer, Dan Walsh, Valentin Rothberg and I worked during Google Summer of Code to create an OCI hook that generates seccomp rules for a container based on the syscalls that the container actually made.
This talk will explain how the tool works and demonstrate it in action.

Divyansh Kamboj

Student, Jaypee Institute of Information Technology
I’m a computer science student and I love to hack! Last summer I worked on Podman with Dan Walsh and Valentin Rothberg, under Google Summer of Code 2019.
Dan Walsh

Senior Distinguished Engineer, Red Hat
Daniel Walsh has worked in the computer security field for over 30 years. Dan is a Consulting Engineer at Red Hat. He joined Red Hat in August 2001. Dan has led the Red Hat Container Engineering team since August 2013, but has been working on container tec
Valentin Rothberg

Senior Software Engineer, Red Hat
Valentin is an engineer in Red Hat's container runtimes team, focusing on and maintaining various open-source projects such as Buildah, Podman, Skopeo and CRI-O. He contributed to many other projects in the containers landscape such as Kubernetes, the Linux kernel, Moby, Google Cloud...

Saturday January 25, 2020 5:00pm - 5:25pm CET
D105 Faculty of Information Technology Brno University of Technology, Božetěchova, Brno-Královo Pole, Czechia