Loading…
This event has ended. Create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, August 19 • 3:00pm - 3:50pm
Container Security - Past, Present & Future - Serge Hallyn, Canonical

Sign up or log in to save this to your schedule and see who's attending!

BSD jails, Solaris zones, linux-vserver, and Virtuozzo each define a
jail, zone, or container as a distinct thing which the kernel
uses to isolate a OS level virtualization server. In contrast, modern
Linux containers are based on a number of supporting kernel features,
none of which actually know what a container is. It is up to userspace
to coordinate the use of these features to present container
functionality to the user. Consequently, it is also up to userspace
to do provide the proper "isolation" - in other words, container security.

Linux container security has gone through a few stages. Originally, the
only features available were the first few namespaces themselves and Linux Security Modules (LSMs). Today, user namespaces provide terrific container
isolation. Looking ahead, we expect to use new features in hardware
to protect the kernel from kernel 0-days exp

Speakers
SH

Serge Hallyn

Canonical
Serge Hallyn works for Canonical as a member of the Ubuntu Server team, with a particular focus on the virtualization stack. He has been involved with containers since the first upstream kernel patches for uts and pid namespaces. He was involved with LSM from the start, is listed as co-maintainer of the security subsystem and capabilities, and is a core maintainer of the LXC project.


Wednesday August 19, 2015 3:00pm - 3:50pm
Grand Ballroom D