Making Unprivileged Containers More Usable

Offered By: Linux Foundation via YouTube

Tags

Containers Courses, Race Conditions Courses, Container Management Courses, Linux Security Courses, Container Security Courses, Seccomp Courses

Course Description

Overview

Explore the intricacies of unprivileged containers in this 54-minute conference talk by Christian Brauner from Canonical. Delve into the fundamentals of containers, their limitations, and the complexities surrounding syscalls. Gain insights into syscall conventions, seccomp, and kernel policies. Understand the process of intercepting system calls and the role of container managers. Examine common problems associated with syscalls, including race conditions, through practical demonstrations. Conclude with a discussion on critical security aspects, enhancing your knowledge of container technology and its practical applications.

Syllabus

Intro
Christian Brauner
Outline
What are containers
Limitations
syscalls
syscall conventions
seccomp
seccomp explained
syscall decision
kernel policy
intercept system calls
interception diagram
container manager
problems with syscall
race condition
demo
questions
security aspects


Taught by

Linux Foundation

Related Courses

Scenario Based LXD/LXC Security (A Cloud Guru)
Scenario Based Docker Security (A Cloud Guru)
Using Seccomp to Limit the Kernel Attack Surface (Linux Foundation via YouTube)
Trace Me if You Can - Bypassing Linux Syscall Tracing (Black Hat via YouTube)
Sandboxing Based on SECCOMP for Linux Kernel (Ekoparty Security Conference via YouTube)