Overview
Explore the intricacies of container security and the challenges of providing root shells to strangers on the internet in this 48-minute conference talk by Stephane Graber from Canonical Ltd. Delve into the world of LXD (Linux Containers) and learn about the security requirements, networking considerations, and privilege management involved in running such a service. Discover how kernel bugs and security updates impact container environments, and understand the tradeoffs made to balance functionality and safety. Gain insights into running your own search service and the lessons learned from five years of operating this unique platform. Conclude with a Q&A session to address specific concerns and curiosities about container security and management.
Syllabus
Introduction
What does Lexi do
Container Security
Requirements
Networking
Privileges
Kernel Bugs
Security Updates
Tradeoffs
Running your own search service
Conclusion
Questions
Taught by
Linux Foundation