Security: Filtering System Calls in Docker and Kubernetes

Not all containers are trustworthy – and even those you build yourself can be hacked. Malicious software might be included in the images or downloaded into the container at runtime.

While generic containers should keep the bad guys contained (hence, the name) it is possible to further improve security by limiting which system calls a container may execute.

In this talk we’ll explain what system calls are, exactly how to filter them with Kubernetes and Docker, and how doing so improves security.

 

Speaker

 


Andreas Jaekel

Platin-Sponsor

Gold-Sponsoren




Silber-Sponsoren


INNOQ

´
XebiaLabs

Bronze-Sponsor



CC-Newsletter

Sie möchten über die ContainerConf
auf dem Laufenden gehalten werden?

 

Anmelden