Wednesday
Room 3
11:40 - 12:40
(UTC+01)
Talk (60 min)
The Building Blocks of Linux Containers and Sandboxes - Part II
More than a decade ago, work started on various Linux kernel features that allow processes to be isolated and contained. By now, these features, namely namespaces, cgroups (control groups), and seccomp (secure computing), have reached a level of maturity such that they are used in a wide variety of tools, such as Podman, Docker, LXC, Firejail, Flatpak, and various web browsers.
In this presentation, I'll provide a high-level view of each of these technologies and explain their role in securing applications, limiting resource consumption, and virtualizing the environment seen by running processes.