CNCF-hosted Co-located Events North America 2024

Seccomp has long been a critical security feature in the Linux kernel, as a powerful tool for access control. With the emergence of eBPF, the landscape of kernel security has started evolving rapidly. It offers opportunities for improving and extending security policies. In this talk we will show how to achieve some of seccomp's capabilities and extend them using eBPF and KRSI in security use cases. The talk will give an overview of Seccomp in general and in Kubernetes, focus on its importance in securing containerized workloads. We will review applicable eBPF capabilities, showing how it changes the way we can inspect and filter syscalls at runtime. We will introduce KRSI and LSM, showing how they can enhance kernel security. The session will end with a demo of our PoC that leverages eBPF and KRSI to create a modern alternative to seccomp. Illustrating a real-world option, will provide attendees with practical knowledge on how to reinvent Seccomp for enhanced security.