LinuxCon + CloudOpen + ContainerCon NA 2015 has ended
Wednesday, August 19 • 10:25am - 11:15am
Rooting out Root: User Namespaces in Docker - Phil Estes, IBM

While Docker as a container runtime has been available for two years now, and uses various Linux kernel features for namespacing to isolate the container processes, user namespace support in the Go language and libcontainer was only made available earlier this year. Now that support exists in these underlying technologies, Phil will discuss the details of exposing user namespace support to Docker operators and users, and some of the complexities of offering full user namespace mappings to containers.

Most importantly, the key benefit to user namespace support being available in Docker is that the host system's root user will no longer be exposed as the container's "root". Phil will detail the improved security posture provided and discuss future enhancements to container user and group isolation based on this Linux kernel feature.

Speakers
Phil Estes

Distinguished Engineer & CTO, Container Architecture Strategy, IBM
Phil is a Distinguished Engineer in the office of the CTO for IBM Cloud, guiding IBM's strategy around containers and Linux. Phil is a founding maintainer of the CNCF containerd runtime project, and participates in the Open Container Initiative (OCI) as a member of the Technical Oversight...


Wednesday August 19, 2015 10:25am - 11:15am
Grand Ballroom D