This event has ended. Create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, August 19 • 10:25am - 11:15am
Rooting out Root: User Namespaces in Docker - Phil Estes, IBM

Sign up or log in to save this to your schedule and see who's attending!

While Docker as a container runtime has been available for two years now, and uses various Linux kernel features for namespacing to isolate the container processes, user namespace support in the Go language and libcontainer was only made available earlier this year. Now that support exists in these underlying technologies, Phil will discuss the details of exposing user namespace support to Docker operators and users, and some of the complexities of offering full user namespace mappings to containers.

Most importantly, the key benefit to user namespace support being available in Docker is that the host system's root user will no longer be exposed as the container's "root". Phil will detail the improved security posture provided and discuss future enhancements to container user and group isolation based on this Linux kernel feature.

avatar for Phil Estes

Phil Estes

Senior Technical Staff Member, IBM Cloud Open Technologies
Phil is a Senior Technical Staff Member with the IBM Cloud Open Technologies team. Phil is a core contributor and maintainer on the Docker engine project and is a leader and expert within IBM on container and cloud open source technologies. Phil has an active role helping both IBM product teams and IBM's customers understand and apply container technology and concepts to their cloud strategy and implementation. Phil also is a regular speaker at... Read More →

Wednesday August 19, 2015 10:25am - 11:15am
Grand Ballroom D