What do we call an explosive mix of LSM, cgroup, BPF, seccomp?
Session information has not yet been published for this event.
One Line Summary
checmate or landlock
Abstract
Two BPF-based LSMs have been proposed to address a variety of use cases in security, monitoring and container networking:
- landlock by Mickael https://lkml.org/lkml/2016/8/25/286
- checmate by Sargun https://lkml.org/lkml/2016/8/4/58
landlock follows the seccomp approach by attaching to the task hierarchy.
checmate works with cgroups.
The goal of this BoF is to understand the use cases and talk about the path forward.
Anyone working on seccomp, cgroup, bpf, lsm is invited to join :)
Speakers
-
Kees Cook
Google
- Blog: http://outflux.net/blog/
- Twitter: kees_cook
Biography
Kees Cook has been working with Free Software since 1994, and has been a Debian Developer since 2007. He is currently employed by Google to work on Nexus, Brillo, and Chrome OS Security. From 2006 through 2011 he worked for Canonical as the Ubuntu Security Team’s Tech Lead, and remains on the Ubuntu Technical Board. Before that, he worked as the lead sysadmin at OSDL, before it was the Linux Foundation. He has written various utilities including GOPchop and Sendpage, and contributes randomly to other projects including fun chunks of code in OpenSSH, Inkscape, Wine, MPlayer, and Wireshark. He’s been spending most of his time lately focused on security features in the Linux Kernel.
-
Biography
I’ve been working on various aspects of Linux kernel since 2005 and
love jumping around across different subsystems, which now includes
libata, block layer, percpu memory allocator, workqueue, x86 and job
control. I hope to continue working on various kernel subsystems as
long as I can.
-
Biography
Software engineer at Facebook