Thursday, August 25 • 16:30 - 17:15
On the Way to Safe Containers - Stephane Graber, Canonical


LXC and now LXD are both container managers with a focus on providing a VM-like, system container experience to their users. Our users therefore expect to be able to do the same things they would in a VM and to have an environment that's by and large as safe as a VM.

Our container security story is mostly based on the user namespace, on top of which we layer AppArmor, seccomp, capabilities, filesystem quotas, qdisc limits and cgroup restrictions. The result is a container which cannot accidentally harm the host, is root-safe and, if properly configured, cannot trivially DoS the host.

This talk will cover all of the above technologies and how they're used to provide our containers, what their limitations are, how the system can still be abused and some of the proposed fixes for those limitations.

Speakers

Stéphane Graber

Software Engineer, Canonical Ltd.
Stéphane Graber works as the technical lead for LXD at Canonical Ltd. He is the upstream project leader for LXC and LXD and a frequent speaker and track leader at various container and other Linux-related events. Stéphane is also a long-time contributor to the Ubuntu Linux distribution as an Ubuntu Core Developer and he currently sits on the Ubuntu Technical Board. In his spare time, Stéphane helps organize a yearly security conference and...


Thursday August 25, 2016 16:30 - 17:15
Harbour C
