Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Linux Foundation

Securing Filesystem Images for Unprivileged Containers

Linux Foundation via YouTube

Overview

Explore the intricacies of securing filesystem images for unprivileged containers in this informative 42-minute conference talk by James Bottomley, a Distinguished Engineer at IBM. Delve into the essential role of User Namespaces in container security, allowing for seemingly privileged execution within containers while maintaining unprivileged status from the host's perspective. Examine the challenges associated with filesystem writes in user namespaces and the impact on sharing images and archives among containers. Compare three proposed mechanisms for addressing these issues: shiftfs, userns portable roots, and filesystem mappings, weighing their advantages and disadvantages. Gain insights from Bottomley's extensive experience as a Linux Kernel maintainer and former Linux Foundation board member as he discusses cutting-edge solutions for enhancing container security and filesystem management.

Syllabus

Securing Filesystem Images for Unprivileged Containers by James Bottomley, IBM

Taught by

Linux Foundation

Reviews

Start your review of Securing Filesystem Images for Unprivileged Containers

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.