Security: Filtering System Calls in Docker and Kubernetes

Not all containers are trustworthy – and even those you build yourself can be hacked. Malicious software might be included in the images or downloaded into the container at runtime.

While generic containers should keep the bad guys contained (hence, the name) it is possible to further improve security by limiting which system calls a container may execute.

In this talk we’ll explain what system calls are, exactly how to filter them with Kubernetes and Docker, and how doing so improves security.

Speaker

 


Andreas Jaekel

CC-Newsletter

Sie möchten über die Continuous Lifecycle und die ContainerConf auf dem Laufenden gehalten werden?

 

Anmelden