Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore the challenges and solutions for handling new system calls in seccomp filters during this 31-minute conference talk from the Linux Foundation. Learn about the current limitations of libseccomp's allow list and deny list filtering approaches when systems are updated to newer kernels with new syscalls, where allow lists may block legitimate new syscalls causing container failures, while deny lists may inadvertently permit dangerous new syscalls creating security vulnerabilities. Discover the proposed solution developed by the libseccomp team to address these kernel version compatibility issues. Engage in an interactive discussion between the libseccomp developers Tom Hromatka from Oracle Corporate and Paul Moore from Microsoft and the Linux Security Summit audience about current problem-solving approaches, evaluation of the proposed functionality and API, and additional suggestions for kernel version-based syscall filtering improvements.
![CNCF [Cloud Native Computing Foundation]](https://www.classcentral.com/cdn-cgi/image/height=40,format=auto,quality=85/images/logos/institutions/cncf-cloud-native-computing-foundation-hz.png){kind=small}
