Dive deep into user namespaces, a crucial technology for application isolation and sandboxing, in this 54-minute conference talk. Explore the fundamentals of user namespaces, their role in running containers without root privileges, and their application in sandboxing web browser plug-ins. Gain insights into the capabilities and limitations of being a "superuser inside a user namespace," and understand the intricate relationships between user namespaces and other namespace types such as PID, UTS, and network. Examine the security implications of user namespaces and learn simple shell commands for creating and experimenting with them. Benefit from live demonstrations that illustrate key concepts. While prior attendance of the "Linux namespaces" presentation is helpful, it is not mandatory for understanding this in-depth exploration of user namespaces.
Containers Unplugged - Understanding User Namespaces
Overview
Syllabus
Containers unplugged: understanding user namespaces - Michael Kerrisk
Taught by
NDC Conferences
Related Courses
-
Containers Unplugged - Linux Namespaces
-
Sandboxing a Linux Application
-
State of the User Namespace - Privileged Containers and Security Implications
-
Send in the Chown - Systemd Containers in User Namespaces
-
Rootless Containers from Scratch
-
User Namespaces with Host-Isolated UIDs/GIDs - Linux Kernel Extension
