NOTE: The event will be held in Central Daylight Time (CDT), UTC -5.

Open Source Summit + Embedded Linux Conference North America 2020
Tuesday, June 30 • 3:15pm - 4:05pm
Making Unprivileged Containers More Useable - Christian Brauner, Canonical

Unprivileged containers come with a range of security restrictions enforced by the kernel. These include not allowing the creation of character or block device nodes, which prevents a container from gaining access to, e.g., any disk devices attached to the hardware or from writing directly into kernel memory. The kernel will also prevent an unprivileged container from mounting most interesting filesystems. There is a wide range of other examples where the kernel restricts access to interesting or crucial features to ensure the integrity of the system in the face of untrusted workloads, for which unprivileged containers were designed.

In this talk we will show how new kernel features can be combined to overcome these restrictions, thereby making unprivileged containers more useable and powerful in a secure way.

Christian Brauner

Principal Software Engineer, Microsoft Corp.
Christian Brauner is a kernel developer and maintainer of the LXD and LXC projects, currently working at Microsoft. He works mostly upstream on the Linux Kernel maintaining various bits and pieces. He is strongly committed to working in the open, and an avid proponent of Free Software...

Tuesday June 30, 2020 3:15pm - 4:05pm CDT
Linux Systems Theater