Remove AppArmor

Evolving Container Security With Linux User Namespaces

The Netflix TechBlog

We already use the default settings offered by Docker, such as AppArmor and seccomp, but by adding user namespaces, we can achieve a superior defense-in-depth security model. These CVEs did not affect our infrastructure because we were using user namespaces for all of our containers.

Media 286

The Speed of Time

Brendan Gregg

apparmor?). Browsing the flame graph shows it is calling the gettimeofday(2) syscall which enters the tracesys() and syscall_trace_enter/exit() kernel functions. This gave me two theories: A) Some syscall tracing is enabled in Ubuntu (auditing? Theory (A) is most likely based on the frame widths in the flame graph.

Speed 126

Trending Sources


Solaris to Linux Migration 2017

Brendan Gregg

## Security

Key Linux security technologies to learn:

- LSM: Linux Security Modules
- AppArmor: application access control (LSM)
- seccomp: secure computing mode, restricts system call usage
- SELinux: Security-Enhanced Linux (LSM), for access control and security policies (alternate to apparmor)
- Linux audit: event logging
- eBPF (which is (..)