On the Way to Safe Containers - Security and Resource Management in LXC and LXD
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore the intricacies of container security in this 38-minute conference talk by Stephane Graber from Canonical. Delve into the security mechanisms employed by LXC and LXD to provide a VM-like experience for system containers. Learn about user namespaces, AppArmor, seccomp, capabilities, filesystem quotas, qdisc limits, and cgroups restrictions. Understand how these technologies work together to create containers that cannot harm the host, are root-safe, and resist DoS attacks when properly configured. Examine the limitations of current security measures, potential system vulnerabilities, and proposed solutions. Gain insights from Graber's expertise as the technical lead for LXD at Canonical and project leader for LXC and LXD. The talk covers an introduction to LXI, security aspects, resource and global limits, checkpoint restore functionality, and includes a demonstration of container restoration.
Syllabus
Intro
What is LXI
Security
Resource Limits
Global Limits
Checkpoint Restore
Demo
Restore Containers
Recap
Taught by
Linux Foundation
Tags
Related Courses
Access Control Mechanisms in LinuxPluralsight Learning Debian Linux
LinkedIn Learning Linux Foundation Cert Prep: Operation of Running Systems (Ubuntu)
LinkedIn Learning AppArmor
Linux Foundation via YouTube Trace Me if You Can - Bypassing Linux Syscall Tracing
Black Hat via YouTube