Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Linux Foundation

State of the User Namespace - Privileged Containers and Security Implications

Linux Foundation via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the current state and advancements in user namespace technology through this comprehensive conference talk by Stephane Graber and Christian Brauner from Canonical. Delve into the security implications of privileged containers and their role in Common Vulnerabilities and Exposures (CVEs). Gain insights on unprivileged containers and the implementation of isolated user namespaces in both userspace and kernelspace. Examine the limitations of user namespaces and their interaction with seccomp in containerized environments. Learn about syscall supervision techniques and filesystem interactions within containers. Discover the process of overriding credentials in the Virtual File System (VFS) and the concept of idmapped bind-mounts. This in-depth presentation offers valuable knowledge for developers, system administrators, and security professionals working with containerization technologies.

Syllabus

Intro
Privileged Containers cause majority of CVES
Unprivileged Containers
Isolated User Namespaces - Userspace
Isolated User Namespaces - Kernelspace
Limitations of User Namespaces
Seccomp & Containers
Syscall Supervision
Filesystem interactions
Overriding creds in the VFS
Idmapped bind-mounts

Taught by

Linux Foundation

Reviews

Start your review of State of the User Namespace - Privileged Containers and Security Implications

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.