seccomp()

Creator: Seonglae Cho
Created: 2024 May 10 4:17
Edited: 2024 May 19 3:4

SECure COMPuting with filters

seccomp allows developers to write complex rules that allow or disallow certain system calls, or that filter system calls based on their arguments. seccomp rules are inherited by child processes.
https://chromium.googlesource.com/chromium/chromium/+/refs/heads/main/sandbox/linux
It can reduce the TCB and prevent Dot-Dot Attack. seccomp uses the kernel functionality eBPF.
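
An added example (not from the original page or the linked Chromium sandbox): a minimal filter, written as BPF instructions in `struct sock_filter`, that rejects `socket()` only when its first argument is `AF_INET`, with a grandchild process showing that the rule is inherited. The policy and the function names are constructed for illustration; Linux on a little-endian architecture is assumed.

```c
#include <errno.h>
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed policy: socket(AF_INET, ...) fails with EPERM, all else is allowed.
 * A production filter would also check seccomp_data.arch first. */
static int install_filter(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 3), /* other syscall: allow */
        /* low 32 bits of args[0]; little-endian layout assumed */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_INET, 0, 1),     /* other domain: allow */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof prog / sizeof prog[0], .filter = prog };
    /* no_new_privs lets an unprivileged process install a filter */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Returns the errno a grandchild gets from socket(AF_INET), or -1 on setup failure. */
int inherited_inet_errno(void) {
    int st;
    pid_t child = fork();
    if (child == 0) {
        if (install_filter() != 0) _exit(255);
        pid_t grandchild = fork();   /* the filter is inherited across fork() */
        if (grandchild == 0) {
            if (socket(AF_UNIX, SOCK_STREAM, 0) < 0) _exit(255); /* must still work */
            _exit(socket(AF_INET, SOCK_STREAM, 0) < 0 ? errno : 0);
        }
        if (grandchild < 0 || waitpid(grandchild, &st, 0) < 0 || !WIFEXITED(st)) _exit(255);
        _exit(WEXITSTATUS(st));
    }
    if (child < 0 || waitpid(child, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st) == 255 ? -1 : WEXITSTATUS(st);
}

int main(void) { return inherited_inet_errno() == EPERM ? 0 : 1; }
```

The filter is installed in a forked child so the calling process stays unrestricted; once installed, a filter cannot be removed from that process or its descendants.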