Workshop: Sandboxing your Linux Application

Ever wondered how Docker sets up its secure environment, or how Chromium can run external scripts and not be afraid of them messing around on the host system? Maybe you have thirdparty applications you want to run, but don't trust? Or maybe you just want to learn som fun APIs available on Linux systems?

In this workshop we will use technologies like namespaces and seccomp to write a simple sandbox for a Linux application.

Namespaces and seccomp are Linux APIs that lets you isolate your application, making them essential building blocks for securing execution of untrusted code.