Namespacing the Linux Integrity Measurement Architecture

Explore the intricacies of namespacing the Linux Integrity Measurement Architecture in this 47-minute conference talk presented by Stefan Berger from IBM Corporation and Christian Brauner from Microsoft. Delve into the use cases and benefits of IMA namespacing support for Linux containers, examining the proposed architecture, current implementation, and staging requirements for upstreaming the code. Gain insights into the challenges faced during development and the necessary extensions to other parts of Linux. Learn about the specialized test suite designed to provide testing coverage for various stages of IMA namespacing support. The presentation covers topics such as motivation, background on namespaces, creating an IMA-ns, organizational aspects of iint's, the mesh problem, performance considerations, and upstream efforts. Understand the implications for userspace and get a comprehensive summary of this important development in Linux container security.

Intro
IMA Namespacing - Motivation
IMA Namespacing - Background • 8 namespaces: Cgroup, IPC, Network, Mount, PID, Time, User, UTS
IMA Namespaces - Creating an IMA-ns
IMA Namespacing - Challenges
IMA Namespacing - Organization of iint's
IMA Namespacing - Mesh Problem
IMA Namespacing -- Performance
IMA Namespacing - Test Suite
IMA Namespacing - Upstreaming
IMA Namespacing - Userspace
IMA Namespacing - Summary