Securing Kubernetes Applications by Crafting Custom Seccomp Profiles - Sascha Grunert, Red Hat

less than 1 minute read

Abstract

Applying seccomp profiles to Kubernetes workloads is one of the most efficient ways in securing containers. The profiles have to be created with care and need to be maintained over the complete lifecycle of the application. This manual effort causes that many applications either stick to the runtime default profile or turn the feature off at all. In this talk, Sascha will demonstrate how to create a custom seccomp profile for a specific containerized application. It will cover the basic techniques of collecting the required syscalls by hand, and also advanced ways of utilizing eBPF and automatic audit log tracing. The session will also discuss the drawbacks of relying on automations. In the end, Sascha will show how to create multi architecture profiles and utilizes in-cluster enhancements like the Security Profiles Operator to create an application specific profile. Join this talk to learn more about seccomp in Kubernetes and how to secure your applications!Click here to view captioning/translation in the MeetingPlay platform!

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Securing Kubernetes Applications by Crafting Custom Seccomp Profiles - Sascha Grunert, Red Hat

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google