Overview
Explore container security in this 45-minute conference talk by Stéphane Graber and Christian Brauner from Canonical Ltd. Delve into the various types of containers, their security features, and security models. Examine recent kernel developments aimed at enhancing the safety and usability of unprivileged containers. Learn about crucial security features such as namespaces, Seccomp, and Linux Security Modules. Discover new features like Secum, MakeNot, Extended Cisco Filtering, and Stacking Idea. Gain insights into remaining challenges in container security and potential solutions, including the Mount API, keyring namespacing, and file descriptors. Understand the implications of CVE-2019-5736 and how it exposed vulnerabilities in most containers.
Syllabus
Introduction
Terminology
Previous Containers
Bad CVS
Security features
Namespaces
Seccomp
Linux Security Summit
New features
Secum
MakeNot
Extended Cisco Filtering
Stacking
Idea
Mount API
keyring namespacing
file descriptors
Taught by
Linux Foundation