Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore the technical challenges and proposed solutions for implementing multiple seccomp listeners in nested container environments in this 27-minute conference talk from the Linux Plumbers Conference. Learn about the current limitations of seccomp listeners, which are restricted to a single listener per process, and understand how this constraint creates problems in nested container scenarios where multiple container runtimes need to intercept different system calls simultaneously. Discover the workarounds currently employed by container runtimes like LXC, which often disable seccomp listeners when detecting confinement, and examine the speaker's proposed approaches for supporting multiple or nested listeners. Gain insights into user-space API design considerations and their kernel-level implications, while reviewing the technical details of a submitted kernel patchset that addresses these challenges for improved container security and functionality.
![CNCF [Cloud Native Computing Foundation]](https://www.classcentral.com/cdn-cgi/image/height=40,format=auto,quality=85/images/logos/institutions/cncf-cloud-native-computing-foundation-hz.png){kind=small}
