Overview
Explore the concept of super privileged containers in this 43-minute Red Hat Summit talk by Daniel Walsh, known as "Mr SELinux." Learn how containers provide security separation, resource isolation, and process isolation while serving as a mechanism for software shipping. Discover the benefits of shipping software in container format for Red Hat Enterprise Linux Atomic Host. Understand how to disable various security and process isolation components of containers to enable manipulation and management of the host operating system and other container processes. Watch demonstrations on using containers to load kernel modules, run virtual machines, and debug and trace system processes. Gain insights into Atomic Host, Atomic Commands, and Atomic Tools. Examine problem statements, labels, container images, and postinstall scripts. Witness demos of Atomic and Apache, and learn about centralized logging, RLM 7, and lockdown mode.
Syllabus
Intro
Atomic Host
Super privileged containers
Enable all Linux capabilities
No namespaces
Namespace separation
IPC separation
Host namespace
Mount
Demo
Atomic
Atomic Command
Atomic Tools
Problem Statement
Labels
Container images
Postinstall scripts
Install procedure
FreeIPA
Atomic demo
Apache demo
Atomic run
Centralized logging
RLM 7 only
Lockdown mode
Nuala Kuehl
Taught by
Red Hat