Explore container security in this 45-minute conference talk by Stéphane Graber and Christian Brauner from Canonical Ltd. Delve into the various types of containers, their security features, and security models. Examine recent kernel developments aimed at enhancing the safety and usability of unprivileged containers. Learn about crucial security features such as namespaces, Seccomp, and Linux Security Modules. Discover new features like Secum, MakeNot, Extended Cisco Filtering, and Stacking Idea. Gain insights into remaining challenges in container security and potential solutions, including the Mount API, keyring namespacing, and file descriptors. Understand the implications of CVE-2019-5736 and how it exposed vulnerabilities in most containers.
Making Containers Safer - Security Features and New Developments
Overview
Syllabus
Introduction
Terminology
Previous Containers
Bad CVS
Security features
Namespaces
Seccomp
Linux Security Summit
New features
Secum
MakeNot
Extended Cisco Filtering
Stacking
Idea
Mount API
keyring namespacing
file descriptors
Taught by
Linux Foundation
Tags
Related Courses
-
State of the User Namespace - Privileged Containers and Security Implications
-
Making Unprivileged Containers More Usable
-
Syscall Supervision in User Namespaces and Unprivileged Containers
-
Improving Container Security with System Call Interception
-
On the Way to Safe Containers - Security and Resource Management in LXC and LXD
