Seccomp in Kubernetes
In Part 1, we stayed close to the kernel.
We watched a process call uname(), attach a seccomp filter, and then get shut down at the syscall boundary. No permissions debate. No LSM policy. No capability check. The kernel simply said: that syscall does...
cloudsecburrito.com · 7 min read