Thursday, July 14 • 16:00 - 16:40
Unprivileged Containers: What you Always Wanted to Know About Namespaces But Were Too Afraid To Ask - James Bottomley, IBM


Containers are mostly understood via Docker, which, up until version 1.9, did not use user namespaces at all. This leads to all sorts of wild assertions about "security problems" with containers. This talk will remedy that by explaining what namespaces are, how they are used and how to set up unprivileged containers with the user namespace. Since namespaces are little understood, we'll begin with the history of namespaces, how they work, the difference between label and mapping namespaces and, finally, how all namespaces interact with user namespaces and how user namespaces can be used both to deprivilege root and to give an ordinary user a container they can enter with an unprivileged root. We'll use build containers as a demonstration of the latter.

Speakers
James Bottomley

Distinguished Engineer, IBM Research
James Bottomley is a Distinguished Engineer at IBM Research, where he works on Cloud and Container technology. He is also the Linux Kernel maintainer of the SCSI subsystem. He has been a Director on the Board of the Linux Foundation and Chair of its Technical Advisory Board. He went to university at Cambridge for both his undergraduate and doctoral degrees, after which he joined AT&T Bell Labs to work on Distributed Lock Manager technology for...


Thursday July 14, 2016 16:00 - 16:40
Pegasus
