Extending systemd Security Features with eBPF

systemd is a system and service manager for Linux. It offers a set of security features for sandboxing services in order to limit the set of system resources a service can access. Some of these features include limiting access to resources like memory and CPU, limiting the syscalls that can be used, and so on. In this post we’ll show how eBPF is currently used in systemd to implement some of those security features and how supporting libbpf has opened the door to supporting new features.
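As an added illustration (not part of the original post), the unit drop-in below shows what the sandboxing features mentioned above look like in practice: the memory, CPU and syscall limits are enforced through cgroups and seccomp, while `IPAddressDeny=`/`IPAddressAllow=` and `RestrictNetworkInterfaces=` are the directives systemd implements with cgroup-attached eBPF programs (the latter requires a systemd built with libbpf, v249 or newer). The service name and paths are placeholders chosen for the example.

```ini
# /etc/systemd/system/example-api.service.d/hardening.conf
# Hypothetical drop-in for a service named "example-api"; tighten to what
# the real service needs, then inspect the result with
# `systemd-analyze security example-api.service`.
[Service]
# Resource limits enforced via cgroups (memory.max, cpu.max)
MemoryMax=512M
CPUQuota=50%

# Syscall filtering via seccomp: allow the common service set, deny the rest
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallErrorNumber=EPERM
NoNewPrivileges=yes

# Filesystem and kernel sandboxing
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes

# Network policy implemented with eBPF programs attached to the unit's cgroup:
# deny all IP traffic except loopback and one constructed example subnet
IPAddressDeny=any
IPAddressAllow=localhost
IPAddressAllow=10.0.0.0/24
# Only reachable via the named interface (libbpf-based, systemd >= 249)
RestrictNetworkInterfaces=eth0
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
```

After `systemctl daemon-reload`, `systemd-analyze security` reports an exposure score per unit and lists which of these settings are in effect; a service that still needs a directive the filter blocks will fail with EPERM in its logs, which is the signal to widen the `SystemCallFilter=` set rather than drop the sandbox.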
Source: Kinvolk

