LinuxCon + CloudOpen + ContainerCon NA 2015 has ended
Wednesday, August 19 • 3:00pm - 3:50pm
Container Security - Past, Present & Future - Serge Hallyn, Canonical


BSD jails, Solaris zones, linux-vserver, and Virtuozzo each define a
jail, zone, or container as a distinct kernel object which the kernel
uses to isolate an OS-level virtualization server. In contrast, modern
Linux containers are built from a number of supporting kernel features
(namespaces, cgroups, capabilities, LSMs), none of which actually knows
what a container is. It is up to userspace to coordinate the use of
these features to present container functionality to the user.
Consequently, it is also up to userspace to provide the proper
"isolation" - in other words, container security.

Linux container security has gone through a few stages. Originally, the
only features available were the first few namespaces themselves and Linux Security Modules (LSMs). Today, user namespaces provide terrific container
isolation. Looking ahead, we expect to use new features in hardware
to protect the kernel from kernel 0-days exp
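The abstract's point that the kernel only supplies primitives, and userspace assembles the isolation, can be seen in how a user namespace is set up. The following is an added example written for this page (it is not code from the talk, from Canonical, or from LXC): it calls unshare(CLONE_NEWUSER), then writes the uid_map/gid_map policy that makes the process uid 0 inside while it remains the unprivileged caller outside, and shows that host root, being unmapped, appears inside as the overflow id. It assumes Linux with unprivileged user namespaces enabled; the helper names (parse_id_map, map_to_host, write_file, read_file) are this example's own, and parse_id_map/map_to_host model the translation the kernel applies to /proc/<pid>/uid_map entries.

```c
#define _GNU_SOURCE          /* unshare() and CLONE_* in <sched.h> */
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* One line of /proc/<pid>/uid_map or gid_map: "inside outside count". */
struct id_map_entry { unsigned long inside, outside, count; };

/* Parse uid_map/gid_map text into entries; returns the number parsed (<= max). */
int parse_id_map(const char *text, struct id_map_entry *out, int max) {
    int n = 0;
    const char *p = text;
    while (n < max && *p) {
        unsigned long a, b, c;
        int consumed = 0;
        if (sscanf(p, " %lu %lu %lu%n", &a, &b, &c, &consumed) != 3) break;
        out[n].inside = a; out[n].outside = b; out[n].count = c;
        n++;
        p += consumed;
    }
    return n;
}

/* Translate an id as seen inside the namespace to the host id, the way the
   kernel does. Returns -1 when the id is unmapped (the kernel then reports
   the overflow id, 65534 by default, for the reverse direction). */
long map_to_host(const struct id_map_entry *map, int n, unsigned long inside) {
    for (int i = 0; i < n; i++)
        if (inside >= map[i].inside && inside - map[i].inside < map[i].count)
            return (long)(map[i].outside + (inside - map[i].inside));
    return -1;
}

static int write_file(const char *path, const char *content) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t w = write(fd, content, strlen(content));   /* map files want one write */
    close(fd);
    return w == (ssize_t)strlen(content) ? 0 : -1;
}

static int read_file(const char *path, char *buf, size_t len) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t r = read(fd, buf, len - 1);
    close(fd);
    if (r < 0) return -1;
    buf[r] = '\0';
    return 0;
}

int main(void) {
    uid_t host_uid = getuid();
    gid_t host_gid = getgid();

    /* Step 1: the kernel primitive. Nothing here knows about "containers". */
    if (unshare(CLONE_NEWUSER) != 0) {
        perror("unshare(CLONE_NEWUSER)");   /* EPERM where unprivileged userns is disabled */
        return 1;
    }

    /* Step 2: userspace policy. Without CAP_SETUID in the parent namespace a
       process may map only its own id, as a single line; we become uid 0 inside. */
    char line[64];
    snprintf(line, sizeof line, "0 %u 1\n", (unsigned)host_uid);
    if (write_file("/proc/self/uid_map", line) != 0) { perror("uid_map"); return 1; }
    /* Since Linux 3.19, gid_map is writable only after setgroups is denied. */
    if (write_file("/proc/self/setgroups", "deny") != 0 && errno != ENOENT) {
        perror("setgroups"); return 1;
    }
    snprintf(line, sizeof line, "0 %u 1\n", (unsigned)host_gid);
    if (write_file("/proc/self/gid_map", line) != 0) { perror("gid_map"); return 1; }

    /* Step 3: observe the isolation the two steps produced. */
    char text[256];
    struct id_map_entry map[4];
    if (read_file("/proc/self/uid_map", text, sizeof text) != 0) { perror("uid_map"); return 1; }
    int n = parse_id_map(text, map, 4);
    printf("uid inside: %u, which the kernel maps to host uid %ld\n",
           (unsigned)getuid(), map_to_host(map, n, getuid()));
    struct stat st;
    if (stat("/", &st) == 0)   /* host root is unmapped here, so it shows as the overflow id */
        printf("owner of / as seen inside: uid %u\n", (unsigned)st.st_uid);
    return 0;
}
```

The security-relevant part is step 2: the kernel will happily create the namespace, but which host ids the "root" inside corresponds to is entirely decided by what userspace writes into uid_map and gid_map, which is why a container runtime's mapping logic, not the namespace code, is what actually bounds the damage of a compromised container.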

Speakers

Serge Hallyn

Canonical
Serge Hallyn works for Canonical as a member of the Ubuntu Server team, with a particular focus on the virtualization stack. He has been involved with containers since the first upstream kernel patches for uts and pid namespaces. He was involved with LSM from the start, is listed...


Wednesday August 19, 2015 3:00pm - 3:50pm PDT
Grand Ballroom D
