Rootless containers from scratch

Containers have taken off as a foundational technology for cloud native application development and deployment, through tools like Docker and Kubernetes. But there is an often-overlooked security issue, whereby users generally need root privileges to run containers, and by default, containers run as root on the host. Recently there have been significant advances to enable “rootless containers” that can be run without requiring root privileges. This talk will use live-coding in Go to illustrate how rootless containers are created, exploring why root was originally required and what has changed to enable rootless operation.

Learning objectives

Attendees should leave this talk understanding that

* from the host’s perspective, containers are really just processes
* containers today are very likely to be running as root
* rootless containers will be a significant security improvement

Speaker

Liz Rice
Liz Rice is VP Open Source Engineering with cloud native security specialists Aqua Security and chair of the CNCF's Technical Oversight Committee. She co-chaired the KubeCon / CloudNativeCon 2018 events in Copenhagen, Shanghai and Seattle, and co-authored a book on Kubernetes Security for O'Reilly, with Michael Hausenblas.
