## bpbox: Simple Precise Process Confinement with eBPF and KRSI eBPF Summit ## bpfbox at a Glance ▶ bpfbox is a novel process confinement mechanism for Linux using eBPF ▶ Users write per-application Userspace daemon using the Python3 bcc framework ▶ Kernelspace components are all eBPF ▶ LSM probes (KRSI), kprobes, uprobes, tracepoints ▶ Under 2000 source lines of kernelspace code Thanks to eBPF, bpfbox thanks to: ▶ Alexei Starovoitov and Daniel Borkmann (creators of eBPF) ▶ K.P. Singh (creator of KRSI) ▶ Fellow bcc contributors (an awesome eBPF framework) This work was supported by NSERC through