[kwlug-disc] ccc talk on security
Chris Frey
cdfrey at foursquare.net
Mon Jan 29 02:26:04 EST 2024
On Sat, Jan 20, 2024 at 04:01:52PM +0000, Mikalai Birukou wrote:
> The talk: https://www.youtube.com/watch?v=TaE28fJVPTk
>
> It is more about style with which one designs a system.
What a delightfully excellent talk on security! Thanks for sharing.
> Did we have discussions about seccomp and similar ways of sandboxing
> processes? Does anyone can make a presentation?
The way he was talking about seccomp looked like more of a syscall-level
protection. I tend to use apparmor (I guess that's built on top of
seccomp too, now that I look it up) which lets me allow open() only
in certain areas of the filesystem, instead of turning open off completely.
Apparmor lets me apply security rules to any application, instead of
changing the app.
- Chris
More information about the kwlug-disc
mailing list