Name: Making Unprivileged Containers More Useable - Christian Brauner, Canonical
Start: 2020-06-30T15:15:00-0500
End: 2020-06-30T16:05:00-0500

NOTE: The event will be held in Central Daylight Time (CDT), UTC -5.

View More Details for Open Source Summit + Embedded Linux Conference North America 2020
Registration Information.

Back To Schedule

Making Unprivileged Containers More Useable - Christian Brauner, Canonical

Feedback form is now closed.

Watch Now

Unprivileged containers come with a range of security restriction enforced by the kernel. This includes not allowing the creation of character or block device nodes preventing a container from gaining access to e.g. any disk devices attached to the hardware or to write directly into kernel memory. The kernel will also prevent an unprivileged container from mounting most interesting filesystems. There are a wide range of other examples where the kernel access to interesting or crucial features to ensure the integrity of the system in the face of untrusted workloads for which unprivileged containers were designed.

In this talk we will show how new kernel features can be combined to overcome these restrictions and thereby making unprivileged containers more useable and powerful in a secure way.

Speakers

Christian Brauner

Principal Software Engineer, Microsoft Corp.

Christian Brauner is a kernel developer and maintainer of the LXD and LXC projects currently working at Microsoft. He works mostly upstream on the Linux Kernel maintaining various bits and pieces. He is strongly committed to working in the open, and an avid proponent of Free Software... Read More →

2020 OSS NA Making Unprivileged Containers More Useable pdf

Tuesday June 30, 2020 3:15pm - 4:05pm CDT
Linux Systems Theater

Linux Systems, Containers and Checkpoint/Restore

Skill Level Mid-level
Session Slides Included

Open Source Summit + ELC North America 2020

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Christian Brauner