bpfbox: Simple Precise Process Confinement with eBPF and KRSI William Findlay October 28, 2020 bpfbox at a Glance ▶ bpfbox is a novel process confinement mechanism for Linux using eBPF ▶ Users write Userspace daemon using the Python3 bcc framework ▶ Kernelspace components are all eBPF ▶ LSM probes (KRSI), kprobes, uprobes, tracepoints ▶ Under 2000 source lines of kernelspace code ▶ Thanks to eBPF, bpfbox Special thanks to: ▶ Alexei Starovoitov and Daniel Borkmann (creators of eBPF) ▶ K.P. Singh (creator of KRSI) ▶ Fellow bcc contributors (an awesome eBPF framework) This work was supported by NSERC through a