SECCOMP, short for SECure COMPuting, is a part of the Linux kernel that allows restricting, logging or otherwise reacting to the system calls, or system call arguments, that a userspace process can invoke. The talk offers a brief introduction to the SECCOMP API and its history. I will then focus on how SECCOMP is currently used (sandboxing) and on some of its current limitations. As a bonus, I will briefly talk about debugging a SECCOMP-enabled process with Valgrind.