
Seccomp

Seccomp (short for secure computing mode) is a Linux kernel security feature that allows processes to restrict the system calls they can make, reducing the attack surface and limiting potential damage from compromised applications. It works by filtering syscalls based on predefined policies, either in a strict mode that only allows a minimal set or a more flexible filter mode using Berkeley Packet Filter (BPF) rules. This tool is essential for containerization and sandboxing environments to enforce least-privilege principles.

Also known as: Secure Computing Mode, seccomp-bpf, syscall filtering, Linux seccomp, SCMP
Why learn Seccomp?

Developers should learn and use Seccomp when building secure applications, especially in containerized deployments like Docker or Kubernetes, to mitigate risks from privilege escalation and code execution vulnerabilities. It's crucial for sandboxing untrusted code, such as in web browsers or serverless functions, and for compliance with security standards in cloud-native architectures. Implementing Seccomp policies helps harden systems by preventing malicious processes from making unauthorized syscalls.
