Statements (69)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:operating_system
|
| gptkbp:bfsLayer |
4
|
| gptkbp:bfsParent |
gptkb:Open_BSD's_pledge_system
gptkb:Open_BSD's_systrace |
| gptkbp:allows |
restricting system calls
|
| gptkbp:block |
specific system calls
|
| gptkbp:can_be |
denied system calls
|
| gptkbp:can_be_extended_by |
custom filters
|
| gptkbp:can_be_used_with |
gptkb:seccomp-bpf
other security modules |
| gptkbp:enables |
process isolation
|
| https://www.w3.org/2000/01/rdf-schema#label |
Linux seccomp
|
| gptkbp:introduced |
gptkb:Linux_2.6.12
|
| gptkbp:is_adopted_by |
cloud-native applications
|
| gptkbp:is_compatible_with |
cgroups
|
| gptkbp:is_documented_in |
online resources
developer guides man pages technical papers kernel documentation |
| gptkbp:is_implemented_in |
gptkb:language
libseccomp library |
| gptkbp:is_part_of |
Linux security features
system security architecture application security measures system hardening techniques Linux kernel security enhancements Linux security ecosystem Linux security hardening Linux security module framework |
| gptkbp:is_protected_by |
malicious system calls
|
| gptkbp:is_related_to |
gptkb:App_Armor
network security process management threat modeling Linux namespaces system security policies SE Linux |
| gptkbp:is_supported_by |
gptkb:lake
gptkb:fortification security audits Linux kernel developers open-source communities most Linux distributions |
| gptkbp:is_used_by |
web browsers
sandboxing applications |
| gptkbp:is_used_for |
enforce security policies
application confinement enhancing system stability implement least privilege principle improving application security limit resource access reducing privilege escalation risks |
| gptkbp:is_used_in |
virtualization technologies
high-security environments container technologies |
| gptkbp:is_utilized_in |
embedded systems
microservices architecture security researchers secure coding practices server applications security-focused distributions |
| gptkbp:provides |
reducing attack surface
system call filtering |
| gptkbp:setting |
JSON files
allow or deny system calls seccomp filters seccomp mode |
| gptkbp:supports |
gptkb:XMPP_Extension_Protocol
|