seccomp

Seccomp (short for security computing mode) is a useful feature provided by the Linux kernel since 2.6.12 and is used to control the syscalls made by a process. Seccomp has been implemented by numerous projects such as Docker, Android, OpenSSH and Firefox to name a few. In this blog post, I am going to show you how you can implement your own seccomp filters, at runtime, for a Go binary on your Dyno. Why Use Seccomp Filters? By default, when you run a process on your Dyno, it is limited by which syscalls it can make because the Dyno has…