10:20 - 11:20 (UTC+02)
Talk (60 min)
The Building Blocks of Linux Containers and Sandboxes - Part I
More than a decade ago, work started on various Linux kernel features that allow processes to be isolated and contained. By now, these features, namely namespaces, cgroups (control groups), and seccomp (secure computing), have reached a level of maturity such that they are used in a wide variety of tools, such as Podman, Docker, LXC, Firejail, Flatpak, and various web browsers.
In this presentation, I'll provide a high-level view of each of these technologies and explain their role in securing applications, limiting resource consumption, and virtualizing the environment seen by running processes.