✓ Save up to € 470
✓ Raspberry Pi or C64 Mini for free
✓ Team discount
✓ Bis zu 470 € sparen
✓ Raspberry Pi oder C64 Mini gratis
✓ 12 Monate Zugang zu entwickler.de
✓ See you in 2022!
✓ Wir sehen uns 2022!
Not all containers are trustworthy – and even those you build yourself can be hacked. Malicious software might be included in the images, or downloaded into the container at runtime. While generic containers should keep the bad guys contained (hence, the name) it is possible to further improve security by limiting which system calls a container may execute. In this talk we’ll explain what system calls are, exactly how to filter them with Kubernetes and Docker, and how doing so improves security.