Introduction to the Kubernetes Seccomp Operator (RTFM with Rawkode)
In this episode, joined by Daniel Mangum and Sascha Grunert, we take a look at the Seccomp Operator for Kubernetes, which allows for new security primitives for your Kubernetes environments.

seccomp (short for secure computing mode) is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except those defined through a seccomp profile.

The Seccomp Operator is an out-of-tree Kubernetes enhancement which aims to make managing and applying seccomp profiles easier and more straightforward in Kubernetes.

Timeline
00:00 - Holding screen
00:30 - Introductions
03:20 - What is seccomp and the seccomp operator
18:00 - Installing the seccomp operator
20:00 - Seccomp profiles
31:00 - Deploying nginx with and without a seccomp profile
57:00 - Switching to Linux because Docker for Mac wasn't working
1:01:00 - Tracing blocked syscalls
1:04:00 - Listing syscalls with strace
1:09:30 - Using podman to generate seccomp profiles

Want some help?
Leave a comment
Ping me on Twitter - https://twitter.com/rawkode
Schedule some time during my office-hours - https://rawko.de/office-hours

Links
Daniel Mangum - https://twitter.com/hasheddan
Sascha Grunert - https://twitter.com/saschagrunert
Seccomp - https://en.wikipedia.org/wiki/Seccomp
Seccomp Operator - https://github.com/kubernetes-sigs/seccomp-operator