Diffstat (limited to 'website/content/_posts/2019-11-18-security-basics.md')
-rw-r--r-- | website/content/_posts/2019-11-18-security-basics.md | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/website/content/_posts/2019-11-18-security-basics.md b/website/content/_posts/2019-11-18-security-basics.md index ef2e9a37e..10a3ac0a7 100644 --- a/website/content/_posts/2019-11-18-security-basics.md +++ b/website/content/_posts/2019-11-18-security-basics.md @@ -1,8 +1,10 @@ --- title: gVisor Security Basics - Part 1 layout: post -author: jsprad, zkoopmans -permlink: /blog/:title/ +authors: +- jsprad +- zkoopmans +permalink: /blog/2019/11/18/gvisor-security-basics-part-1/ --- # Part 1 - Introduction @@ -87,7 +89,7 @@ Least-Privilege is applied throughout gVisor. Each component and more importantl ---- -![Figure 2](./2019-11-18-security-basics-figure2.png) +![Figure 2](/assets/images/2019-11-18-security-basics-figure2.png) Figure 2: runsc components and their privileges. @@ -136,11 +138,11 @@ So, of the 350 syscalls in the Linux kernel, the Sentry needs to implement only ---- -![Figure 3](./2019-11-18-security-basics-figure3.png) +![Figure 3](/assets/images/2019-11-18-security-basics-figure3.png) Figure 3: Reduction of Attack Surface of the Syscall Table. Note that the Senty's Syscall Emulation Layer keeps the Containerized Process from ever calling the Host OS. ---- +---- ## Secure-by-default |
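Review bot: In the front-matter hunk (@@ -1,8 +1,10 @@), the new `permalink:` hard-codes `/blog/2019/11/18/gvisor-security-basics-part-1/`, which repeats the date already carried by the file name and replaces the `/blog/:title/` pattern the old line was written with. Because the old key was spelled `permlink`, please confirm which URL the post was actually served at before this change and add a redirect if that URL moves. The switch from `author:` to an `authors:` list also depends on the post layout reading `authors`; that template is not visible in this file-limited diff, so it should be checked in the same review.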
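Review bot: In the Figure 2 hunk (@@ -87,7 +89,7 @@), the image link changes from a path relative to the post to the root-absolute `/assets/images/2019-11-18-security-basics-figure2.png`, which resolves only if the site is served from the domain root and the PNG exists at that location. The diffstat shown is limited to the post itself, so please confirm the image move lands in the same commit, and consider building the URL from the site's base path if the site can ever be hosted under a prefix.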
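Review bot: In the Figure 3 hunk (@@ -136,11 +138,11 @@), the caption context line still reads "Senty's Syscall Emulation Layer"; since this hunk already edits the lines on either side of it, correct it to "Sentry's" here. The closing rule changing from `---` to `----` now matches the `----` above the figure, so it is worth checking the other figure blocks in the post for the same mismatch.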