-
This chapter or a section within the relevant chapter will cover the concept of container immutability. It will also dive into how immutability can be implemented using the tools available like seccom…
-
Ubuntu 12.04 LTS comes with "mode 2 seccomp" and the mainline kernel is
currently in the process of accepting seccomp patches.
In short, "mode 2 seccomp" adds an ability to apply s…
-
## What is the Problem Being Solved?
[seccomp(2)](https://en.wikipedia.org/wiki/Seccomp) is a Linux kernel facility that allows a process to voluntarily give up access to nearly everything. Once in…
-
I remember this was already discussed somewhere some years ago, but I couldn't find it (perhaps on a different project?), so I am opening it again here to continue a discussion.
The current way of …
-
Hi, I am planning to generate the BPF "assembly" code (`BPF_JUMP`, `BPF_STMT`, etc.) by writing C or Python code.
```
struct sock_filter filter[] = {
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offs…
```
-
### Description
gvisor's blog page announces invalid RSS feed. The feed's URI is [https://gvisor.dev/blog/index.xml](https://gvisor.dev/blog/index.xml).
### Steps to reproduce
Tried to open feed …
-
**Description**
Running a container with `CAP_BPF` does not allow the `bpf` syscall. Running the same container with `CAP_SYS_ADMIN` allows the syscall.
The default seccomp profile blocks the sy…
-
https://hub.grid.tf/tf-official-vms/ubuntu-24.04-full.flist
Also tested, same result: https://hub.grid.tf/petep.3bot/ubuntu-24.04_fullvm.flist
```
root@hubbcdeptst:~/grid_deployment/grid-hub# doc…
```
-
### libseccomp *next major (2.6)*
- [x] New functions
- [x] `seccomp_export_bpf_mem` (#121)
- [x] New errno: `-ERANGE`, returned by `seccomp_export_bpf_mem` (relevant for `SeccompErrno`)
…
-
```
❯ docker run --platform=linux/amd64 -v $(pwd):/wrk -w /wrk -it ubuntu bash
root@70b365bc4f5d:/wrk# apt update && apt install curl -y
Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 …
```