In this FOSDEM conference talk, Stefan, project leader for LXD, a container manager, discusses safe containers through system call interception. He explains that there are two types of containers, privileged and unprivileged, and that the goal is to eradicate privileged containers because of their security risks. Stefan highlights seccomp, a system call interception mechanism in Linux, which makes it possible to run privileged actions safely inside unprivileged containers. He describes the system calls for which interception has been implemented, such as mknod, setxattr, mount, and sysinfo, and demonstrates them in a terminal demo. Stefan also discusses future plans, including implementing init_module and finit_module for kernel module loading, expanding eBPF program handling, and exploring the possibility of intercepting and implementing system calls that don't yet exist. The talk ends with a Q&A session.
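The kernel side of this kind of interception, as an added example that is not code from the talk or from LXD: a seccomp filter that hands mknodat(2) to a supervisor through the user-notification action and lets every other call run normally. It assumes Linux 5.0 or later headers, is narrowed to one syscall, and leaves out the supervisor loop that reads the returned file descriptor; `notify_filter`, `install_notify_filter` and `filter_verdict` are hypothetical names.

```c
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#endif
#define NFILTER (sizeof(notify_filter) / sizeof(notify_filter[0]))

/* Foreign-ABI calls get ENOSYS, mknodat(2) goes to the supervisor,
 * everything else is allowed. Syscall numbers are per-ABI, so the
 * architecture is checked before the number. */
static struct sock_filter notify_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | ENOSYS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mknodat, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Install the filter on the calling task. Returns the notification fd
 * that a supervisor would read requests from, or -1 on error. */
int install_notify_filter(void) {
    struct sock_fprog prog = { .len = (unsigned short)NFILTER,
                               .filter = notify_filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
        return -1;
    return (int)syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER,
                        SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);
}

/* Dry-run interpreter for the three opcodes used above, so the verdict
 * for a given (arch, nr) can be checked without installing anything. */
unsigned int filter_verdict(unsigned int arch, int nr) {
    struct seccomp_data d = { .nr = nr, .arch = arch };
    unsigned int acc = 0;
    for (size_t pc = 0; pc < NFILTER; pc++) {
        const struct sock_filter *f = &notify_filter[pc];
        if (f->code == (BPF_RET | BPF_K))
            return f->k;
        if (f->code == (BPF_LD | BPF_W | BPF_ABS))
            acc = *(const unsigned int *)((const char *)&d + f->k);
        else /* BPF_JMP | BPF_JEQ | BPF_K: skip jt or jf instructions */
            pc += (acc == f->k) ? f->jt : f->jf;
    }
    return SECCOMP_RET_KILL_PROCESS;
}
```

The supervisor must validate the arguments of each forwarded call before acting on it with its own privileges, since they come from the untrusted container process.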