Improving Container Security Using Seccomp Runtime Hooks

Looking for new methods for improving container security? Try using an OCI runtime hook for tracing syscalls prior to building a container. This article explains how this can be done.

Containers run everywhere. They run in the cloud, on IoT devices, in small and big companies, and wherever they run, we want them to do so as securely as possible. In this article, I describe the Google Summer of Code 2019 project that Dan Walsh and I have been working on with a brilliant student, Divyansh Kamboj, and how we improved container security.

The tool has further matured in the past year and is planned to be released with Red Hat Enterprise Linux 8.3. More than just one reason to have a closer look!