gVisor: Modern Linux Sandboxing Technology - Hack In The Box 2023
Hack In The Box Security Conference via YouTube

Overview
Explore modern Linux sandboxing technology in this 46-minute conference talk from the Hack In The Box Security Conference. Dive into the world of Linux sandboxes, examining various solutions and primitives while focusing on gVisor as a powerful sandboxing tool. Learn about the importance of sandboxing in information security and the challenges of finding an ideal solution that balances ease of use, security focus, and full observability. Discover the speaker's approach to creating a process-level sandbox based on gVisor, including its design, implementation, and resolved issues. Gain insights into applying this new sandbox solution across various security areas through practical examples. The talk also covers background on Linux sandboxes, primitives like ptrace and LD_PRELOAD, and existing solutions such as nsjail and firejail. Presented by Li Qiang, a senior security engineer at Ant Group with extensive experience in virtualization, container, kernel, and cloud-native security.

Syllabus
#HITB2023HKT D1T2 - gVisor: Modern Linux Sandboxing Technology - Li Qiang

Taught by
Hack In The Box Security Conference