Tag
seccomp
Safeguard articles tagged "seccomp" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Container Security
Container isolation mechanisms explained: namespaces, cgroups, seccomp, and gVisor
Docker's default seccomp profile blocks roughly 44 of the 300-plus Linux syscalls, yet a 2019 runc escape bypassed every default namespace boundary anyway.
Jul 13, 20267 min read
Container Security
Container isolation with namespaces, cgroups, and seccomp
Namespaces, cgroups, and seccomp each isolate a different layer of a container — and a single misconfigured one, like CVE-2024-21626 showed, breaks all three.
Jun 27, 20266 min read
Container Security
Kubernetes 1.27 Security Highlights
Kubernetes 1.27 graduated seccomp default, introduced in-place pod resize, and cleaned up admission. Here is what actually matters for cluster security.
Aug 11, 20235 min read