Brussels / 3 & 4 February 2018


Forwarding system calls to userspace

Using Seccomp to intercept system calls and forwarding them to a handler in userspace

In this talk, I will describe SECCOMPUSERNOTIF, a new seccomp return type under development to forward syscalls to another userspace daemon. This would allow container engines to transparently hook syscalls like mount or modprobe, enabling applications inside containers to use these syscalls without modification.


Tycho Andersen