Container Internals and Runtime Engineering
Seccomp, AppArmor, and SELinux
You want to restrict which syscalls a container can make, so that even if it's compromised, it can't do much. Three technologies can do this. Which one, and how?
The concept and how it works
Coming soon.
Kernel and runtime level detail
Coming soon.
Practical examples and commands
Coming soon.
Common mistakes
Coming soon.
INTERVIEW QUESTION
How does a seccomp profile reduce container attack surface? What syscalls would you block and what breaks if you block the wrong ones?
←→ navigateM toggle sidebar