Containers unplugged: understanding user namespaces - Michael Kerrisk

User namespaces are at the heart of many interesting technologies that allow isolation and sandboxing of applications, for example running containers without root privileges and sandboxes for web browser plug-ins.
In this presentation, we'll look in detail at user namespaces, building up a basic understanding of what a user namespace is and going on to questions such as: what does being "superuser inside a user namespace" allow you to do (and what does it not allow); what is the relationship between user namespaces and other namespace types (PID, UTS, network, etc.); and what are the security implications of user namespaces? We'll also explore some simple shell commands that can be used for creating and experimenting with user namespaces in order to better understand how they work. Along the way, there will hopefully be time for a few live demos. You will likely find it helpful to attend my other presentation, "Linux namespaces", beforehand, but this is not essential.
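To make the shell-level experiments the abstract mentions concrete, here is an added example (written for this page, not material from the talk or from Michael Kerrisk) that uses util-linux unshare(1) to create a user namespace, reads the UID mapping and capability set back out of /proc, and then shows two limits of "root inside": mount(2) is refused until the user namespace also owns a mount namespace, and a PID namespace can be created only because the user namespace supplies CAP_SYS_ADMIN. It assumes unshare supports --map-root-user and --fork (util-linux 2.23 or later) and that the kernel permits unprivileged user namespaces; where it does not, userns_available() reports that instead of failing.

```shell
#!/bin/sh
# Added example, not code from the talk: create user namespaces with util-linux
# unshare(1) and check what "root inside a user namespace" does and does not give.
# Assumptions: unshare supports --map-root-user and --fork (util-linux 2.23+); /proc is mounted.

# 0 if an unprivileged user namespace can be created here, 2 otherwise. Typical
# reasons for 2: kernel.unprivileged_userns_clone=0 (Debian/Ubuntu), user.max_user_namespaces=0,
# or a seccomp profile (e.g. Docker's default) that denies unshare(CLONE_NEWUSER).
userns_available() {
    unshare --user true 2>/dev/null && return 0
    return 2
}

# --map-root-user writes "0 <outer uid> 1" to /proc/self/uid_map (and denies setgroups),
# so id(1) reports 0 inside although the kernel identity of the process is unchanged.
uid_inside() {
    unshare --user --map-root-user sh -c 'id -u'
}

# Read the mapping back: fields are <inner start> <outer start> <count>, so the second
# field is the real UID that inner "root" maps to. Files owned by other outer UIDs stay
# inaccessible: DAC checks use the mapped kernel UID, not the number id(1) prints.
mapped_outer_uid() {
    unshare --user --map-root-user sh -c 'read inner outer count < /proc/self/uid_map; echo "$outer"'
}

# Effective capability mask inside (hex, from /proc/self/status). The first process in a
# new user namespace holds a full set, but only with respect to that namespace.
caps_inside() {
    unshare --user --map-root-user sh -c 'grep ^CapEff /proc/self/status | cut -f2'
}

# What inner root cannot do: the process is still in the initial mount namespace, which is
# owned by the initial user namespace, so mount(2) is refused (EPERM) despite uid 0 and a
# full CapEff. Returns 0 when the mount is refused as expected.
mount_refused_without_mountns() {
    dir=$(mktemp -d)
    if unshare --user --map-root-user sh -c "mount -t tmpfs none '$dir'" 2>/dev/null; then
        umount "$dir" 2>/dev/null
        rmdir "$dir"
        return 1
    fi
    rmdir "$dir"
    return 0
}

# Add a mount namespace owned by the new user namespace and the same mount succeeds:
# capabilities in a user namespace are honoured by the namespaces it owns.
mount_allowed_with_mountns() {
    dir=$(mktemp -d)
    unshare --user --map-root-user --mount \
        sh -c "mount -t tmpfs none '$dir' && grep -q \" $dir \" /proc/self/mounts"
    rc=$?
    rmdir "$dir"
    return $rc
}

# Relationship to other namespace types: unshare(CLONE_NEWPID) needs CAP_SYS_ADMIN, which
# an unprivileged user only has inside a user namespace created first. With --fork the
# child is PID 1 of the new PID namespace, so $$ prints 1.
pid_inside_new_pidns() {
    unshare --user --map-root-user --pid --fork sh -c 'echo $$'
}

main() {
    if ! userns_available; then
        echo "unprivileged user namespaces are not available here"
        return 0
    fi
    echo "uid inside:            $(uid_inside)  (outer uid $(id -u), mapped from $(mapped_outer_uid))"
    echo "CapEff inside:         $(caps_inside)"
    if mount_refused_without_mountns; then
        echo "mount w/o mount ns:    refused (EPERM), as expected"
    fi
    if mount_allowed_with_mountns; then
        echo "mount with mount ns:   allowed"
    fi
    echo "pid in new pid ns:     $(pid_inside_new_pidns)"
}

main "$@"
```

Run it as an ordinary user: id reports 0 inside, /proc/self/uid_map shows that 0 maps back to your real UID, CapEff is a full mask, and yet the mount attempt fails until --mount is added. Run it as real root and the mapping line reads 0 0 1, which is the case to watch for in audits: a user namespace does not reduce what uid 0 can already do outside it.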
Save the date for NDC TechTown 2020 (31st of August - 3rd of September)
Check out more of our talks at: