https://www.scrivano.org/tags/conmon/ Recent content in Conmon on *scratch* Hugo en Sat, 06 Jun 2026 10:03:54 +0000 https://www.scrivano.org/posts/2020-08-10-seccomp-notifications/ Mon, 10 Aug 2020 10:40:19 +0200 https://www.scrivano.org/posts/2020-08-10-seccomp-notifications/ <p>A couple weekends ago I&rsquo;ve played with seccomp user notifications and how they can be used in the OCI containers stack. Seccomp user notifications are a Linux kernel feature that lets a privileged monitor process intercept specific syscalls made by a less-privileged container, inspect the arguments, and either emulate the syscall or return an error. This opens up possibilities for safely expanding what unprivileged containers can do — for example, emulating <code>mknod</code> — without granting broad kernel capabilities to the container itself.</p> <p>Seccomp user notifications are a powerful Linux kernel feature, that delegates syscalls handling to a userland program.</p>