Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Linux Foundation

On the Way to Safe Containers - Security and Resource Management in LXC and LXD

Linux Foundation via YouTube

Overview

Explore the intricacies of container security in this 38-minute conference talk by Stephane Graber from Canonical. Delve into the security mechanisms employed by LXC and LXD to provide a VM-like experience for system containers. Learn about user namespaces, AppArmor, seccomp, capabilities, filesystem quotas, qdisc limits, and cgroups restrictions. Understand how these technologies work together to create containers that cannot harm the host, are root-safe, and resist DoS attacks when properly configured. Examine the limitations of current security measures, potential system vulnerabilities, and proposed solutions. Gain insights from Graber's expertise as the technical lead for LXD at Canonical and project leader for LXC and LXD. The talk covers an introduction to LXI, security aspects, resource and global limits, checkpoint restore functionality, and includes a demonstration of container restoration.

Syllabus

Intro
What is LXI
Security
Resource Limits
Global Limits
Checkpoint Restore
Demo
Restore Containers
Recap

Taught by

Linux Foundation

Reviews

Start your review of On the Way to Safe Containers - Security and Resource Management in LXC and LXD

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.