Explore the inner workings of container technology in this comprehensive tutorial led by Stéphane Graber and Christian Brauner from Canonical Ltd. Dive deep into the kernel features that power popular container tools like Docker, LXC, and LXD. Create a container from scratch, step-by-step, to gain a thorough understanding of the underlying mechanisms. Examine various namespaces and their functions, learn how to set up a suitable filesystem, integrate with a Linux Security Module (LSM), implement privilege and capability dropping, and apply restrictions using cgroups. Through hands-on demonstrations, grasp the capabilities and limitations of containers at each stage of development. Gain valuable insights into the intricate components that come together to form a container, enhancing your knowledge of Linux primitives and container architecture.
Overview
Syllabus
Introduction
General Considerations
File System Isolation
Namespaces
seccomp
Demo
Capabilities
User Namespace
Loading Profiles
Cgroups
Proxy Groups
Taught by
Linux Foundation