All posts tagged with SSDL


Seccomp (short for secure computing mode) is a useful feature provided by the Linux kernel since 2.6.12. It is used to limit the system calls a process can make. Seccomp has been implemented by numerous projects such as Docker, Android, OpenSSH and Firefox to name a few.

In this blog post, I am going to show you how you can take advantage of this Golang security feature by implementing your own seccomp filters, at runtime, for a Go binary on your Dyno.

What is Seccomp?

Seccomp gives developers control over the system calls a process can make. System calls are how processes request services from the Linux kernel. If a Golang binary wants to open a file, it sends a syscall to the kernel—...

Browse the blog archives or subscribe to the full-text feed.