Seccomp

Seccomp is short for secure computing mode. It has been available since Linux version 2.6.12 and provides fairly simple sandboxing capabilities. Once a process enables seccomp, the only system calls it can make are exit(), read(), sigreturn(), and write().

Seccomp-BPF

Seccomp-BPF is an extension to seccomp that has been available since Linux version 3.5. It filters system calls using BPF (Berkeley Packet Filter) programs. The filters define which system calls can be used, and they can even filter on system call arguments.
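
As an added illustration of the argument filtering described above (example code, not part of the original page): a seccomp-BPF allow-list that permits exit_group() and write() to file descriptor 1 only, and makes every other call fail with EPERM. The function names, the EPERM policy and the restriction to x86-64 or AArch64 builds are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#ifdef __aarch64__
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#define NATIVE_ARCH AUDIT_ARCH_X86_64   /* assumption: any other build is x86-64 */
#endif
/* Allow-list: exit_group(), and write() only when its first argument (fd) is 1.
 * Every other call fails with EPERM; a foreign syscall ABI kills the process. */
static int install_filter(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 4, 0),  /* -> ALLOW */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write, 0, 2),       /* else -> EPERM */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])), /* fd, low 32 bits */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 1, 1, 0),                /* fd == 1 -> ALLOW */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;  /* needed when unprivileged */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Installs the filter in a forked child and reports what the child observed:
 * bit 0 = write(1) worked, bit 1 = write(2) got EPERM, bit 2 = close() got EPERM. */
int seccomp_demo(void) {
    int status, r = 0;
    pid_t pid = fork();
    if (pid == 0) {
        if (install_filter() != 0) _exit(64);
        if (write(1, "ok\n", 3) == 3) r |= 1;                     /* allowed by the fd check */
        if (write(2, "no\n", 3) == -1 && errno == EPERM) r |= 2;  /* same syscall, other fd */
        if (close(0) == -1 && errno == EPERM) r |= 4;             /* syscall not on the list */
        _exit(r);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
int main(void) { return seccomp_demo() == 7 ? 0 : 1; }
```

The filter is installed only in the forked child because a seccomp filter cannot be removed once it is in place.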