Linux Security Summit North America 2026

Linux containers rely on namespaces, capabilities, and seccomp profiles to enforce isolation. However, several powerful debugging and observability interfaces remain accessible in many deployments and are rarely audited from a security perspective.

This talk explores how Linux debugging mechanisms such as ptrace, perf, and tracing interfaces interact with container isolation boundaries. While these tools are designed for diagnostics and performance analysis, misconfigured access to them can expose unexpected attack surfaces that enable information leakage, privilege escalation, or container escape.

Through practical demonstrations, we examine how these interfaces can be abused in real environments and why many monitoring tools unintentionally weaken isolation guarantees. The session also presents practical hardening strategies, including capability minimization, runtime policy enforcement, and safer observability deployments for production systems.