The aim of this task is to build an understanding of seccomp, and to use seccomp to secure containers.
- Prepare and read about seccomp so you get a feel for what seccomp is all about. You should then be able to talk about terms like syscalls, seccomp and seccomp profile.
- Create an Exoscale Account and a VM (Linux Ubuntu 22.04 LTS 64-bit) and make sure you can SSH into it. If you have already received an invitation by e-mail for Exoscale, you can of course use this account.
- Install docker on the vm.
- Read the Story
- Read Story 2 and help your colleague.
- Maybe you can help Alice with her task.
- Maybe you can support Alice and Bob with their problem as well.
- Check out tracee from aquasecurity to trace syscalls.
- Check out how you could use seccomp to secure a Kubernetes Cluster
- Link to seccomp description: https://www.kernel.org/doc/html/v4.18/userspace-api/seccomp_filter.html
- List of syscalls: https://de.wikipedia.org/wiki/Liste_der_Linux-Systemaufrufe
- Kubernetes Seccomp Documentation: https://kubernetes.io/docs/tutorials/security/seccomp/