Linux Secure Computing (Seccomp) course outline

1. Course Introduction
2. Seccomp
   • Seccomp filtering and BPF
   • The BPF virtual machine and BPF instructions
   • BPF filter return values
   • BPF programs
   • Checking the architecture
   • Productivity aids (libseccomp and other tools)
   • Other filter return actions
3. Seccomp: Further Details
   • Caveats
   • Discovering the system calls made by a program
   • Further details on seccomp filters
   • Extended BPF (eBPF)
   • Further details on BPF programs
   • Recent seccomp features
   • User-space notification
   • Audit logging of filter actions (*)

(*) Topics marked with an asterisk may be covered, if time permits.

Return to the course overview