Explore container runtime security challenges and solutions in this 45-minute conference talk from linux.conf.au 2020. Delve into recent security vulnerabilities in container runtimes and their implications for host system security. Examine potential problem areas in container runtime security and learn about efforts to address these issues through kernel-space and user-space protections. Discover how these security measures can benefit programs beyond the container runtime community. Gain insights into topics such as namespace usage, container security bugs, file descriptor reopening, sibling exchange attacks, and the development of a Rust library for enhanced security. Understand the speaker's perspective on next steps and where to access related resources.
Overview
Syllabus
Intro
Use Namespaces
Container on X
Parents Job
Container on Time
Container Security Bug
The Problem
Another Bug
File Describing Reopening
Sibling Exchange Attack
Why a library
Rust
Next Steps
Where can you get the stuff
Taught by
linux.conf.au
