Seccomp

Seccomp (Secure Computing Mode) restricts the actions that containers can perform, which reduces the attack surface and mitigates potential risks associated with running containers, which safeguardes both the containerized applications and the host system.

What is Seccomp?

Seccomp is a Linux kernel feature that limits the system calls a process can make. System calls are the primary means through which applications interact with the operating system kernel. By restricting these calls, Seccomp can prevent potentially harmful operations from being executed within a container, offering a robust layer of protection for the host system.

How Seccomp Works

Seccomp operates by applying a filtering mechanism that evaluates each system call made by a process against a predefined policy. When a process makes a system call, Seccomp checks it against the rules defined in the Seccomp profile:

  • Allowed Calls: If the system call is permitted by the policy, it is executed as usual without any interruption.
  • Restricted Calls: If the system call is not allowed, the kernel can take one of several actions depending on how the Seccomp profile is configured:
    • Deny the Request: The system call is blocked, and an error is returned to the process.
    • Terminate the Process: The process making the unauthorized system call is immediately terminated to prevent further execution.
    • Log the Attempt: The attempt to make the system call can be logged for auditing and monitoring purposes.

This selective filtering mechanism ensures that only safe, predefined operations can be performed, thereby reducing the risk of malicious or unintended actions.

Seccomp Profiles

A Seccomp profile is a set of rules that defines which system calls are permitted and which are restricted. Container runtimes, such as Docker, typically include default Seccomp profiles that block potentially dangerous system calls while allowing the necessary ones for most applications. These profiles are designed to balance security and functionality, ensuring that containers can operate effectively without compromising the host system.

Use Cases

Seccomp is particularly valuable in environments where security is a top priority, including:

Multi-Tenant Platforms: In environments where multiple users or applications share the same infrastructure, Seccomp helps ensure that containers remain isolated and cannot perform actions that could affect other tenants.

Running Untrusted or Third-Party Code: When running code from untrusted sources, Seccomp provides a safeguard by limiting the operations that this code can perform, reducing the risk of malicious activity.

High-Security Applications: For applications that require stringent security controls, Seccomp ensures that only the essential system calls are allowed, minimizing the potential for exploitation.

Dive deeper into security topics with container hardening.