Explore the intricacies of syscall supervision in this 35-minute conference talk by Christian Brauner from Canonical. Delve into user namespaces, unprivileged container limitations, and syscall fundamentals. Examine the relationship between syscalls and Seccomp, learn about syscall interception and emulation techniques, and discuss associated challenges. Gain insights into ongoing developments and future prospects in this critical area of Linux system management and security.
Syscall Supervision in User Namespaces and Unprivileged Containers
Overview
Syllabus
S OPEN SOURCE SUMMIT
Outline
User Namespaces
Limitations of Unprivileged Containers
Syscalls - A brief overview
Syscalls & Seccomp
Intercepting Syscalls
Emulating Syscalls
Problems
Ongoing and Future Work
Taught by
Linux Foundation
Tags
Related Courses
-
Making Unprivileged Containers More Usable
-
State of the User Namespace - Privileged Containers and Security Implications
-
Making Containers Safer - Security Features and New Developments
-
Efficient Syscall Emulation on Linux
-
Restricting Unprivileged User Namespaces in Ubuntu
-
User Namespaces with Host-Isolated UIDs/GIDs - Linux Kernel Extension
