Using seccomp to limit the Linux kernel attack surface - Michael Kerrisk - NDC Security 2023

The Linux seccomp (Secure Computing) facility allows developers to limit the set of system calls that an application can make. This can be used, for example, to prevent exploited code from executing arbitrary system calls. Seccomp is used in a wide array of software including containers (Docker, Podman, etc.), web browsers, Firejail, Flatpak, and even strace. This presentation provides an introduction to the use of seccomp, looks at some productivity aids to speed development of seccomp filters, and considers some caveats around the use of seccomp.
