LinuxCon + CloudOpen + ContainerCon NA 2015 has ended
Back To Schedule
Wednesday, August 19 • 10:25am - 11:15am
Rooting out Root: User Namespaces in Docker - Phil Estes, IBM

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

While Docker as a container runtime has been available for two years now, and uses various Linux kernel features for namespacing to isolate the container processes, user namespace support in the Go language and libcontainer was only made available earlier this year. Now that support exists in these underlying technologies, Phil will discuss the details of exposing user namespace support to Docker operators and users, and some of the complexities of offering full user namespace mappings to containers.

Most importantly, the key benefit to user namespace support being available in Docker is that the host system's root user will no longer be exposed as the container's "root". Phil will detail the improved security posture provided and discuss future enhancements to container user and group isolation based on this Linux kernel feature.

avatar for Phil Estes

Phil Estes

Principal Engineer, AWS
Phil is a Principal Engineer for Amazon Web Services (AWS), focused on core container technologies that power AWS container offerings like Fargate, EKS, and ECS.Phil is currently an active contributor and maintainer for the CNCF containerd runtime project, and participates in the... Read More →

Wednesday August 19, 2015 10:25am - 11:15am PDT
Grand Ballroom D

Attendees (0)