seccomp-engineering
CommunityDesign auditable Linux seccomp policies.
Software Engineering#linux#bpf#sandboxing#container-security#policy-design#seccomp#system-call-filter
Authorjamieadams-nerd
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Seccomp-based kernel surface minimization reduces the attack surface of Linux processes by restricting syscalls to only what's necessary, helping prevent privilege escalation and unexpected behavior.
Core Features & Use Cases
- Policy design with minimal allowlists and default-deny posture.
- Arch-aware filtering with deterministic failure modes and argument filtering.
- Use cases: hardening services, containers, and daemons; auditing existing policies; integrating with container runtimes and systemd.
Quick Start
Profile a target binary with strace to enumerate required syscalls, then craft a minimal allowlist and apply it via prctl or systemd's SystemCallFilter.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: seccomp-engineering Download link: https://github.com/jamieadams-nerd/umrs-project/archive/main.zip#seccomp-engineering Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.