Wednesday
Room 3
10:20 - 11:20
(UTC+01)
Talk (60 min)
The Building Blocks of Linux Containers and Sandboxes - Part I
More than a decade ago, work started on various Linux kernel features that allow processes to be isolated and contained. By now, these features, namely namespaces, cgroups (control groups), and seccomp (secure computing), have reached a level of maturity such that they are used in a wide variety of tools, such as Podman, Docker, LXC, Firejail, Flatpak, and various web browsers.
In this presentation, I'll provide a high-level view of each of these technologies and explain their role in securing applications, limiting resource consumption, and virtualizing the environment seen by running processes.