User Namespace and Seccomp Support in Docker Engine - Paul Novarese, Docker


Presented at LinuxCon 2016 by Paul Novarese, Docker

Isolation in Docker is mainly accomplished via cgroups and namespaces. User namespaces are the newest namespace to be supported by the Docker engine: they let a process run as root inside a container while being mapped to an unprivileged UID on the host, so a breakout does not hand the attacker host root. The absence of this feature has been a longstanding shortcoming and a frequent target of both user frustration and feature requests. In addition, seccomp support adds a new method of containment for running containers by letting the engine load a per-container profile that provides both whitelist-based (default deny, with an explicit list of permitted calls) and blacklist-based (default allow, with an explicit list of forbidden calls) controls over the system calls available to containerized processes. In this session, we'll look at these new features, examine the basics of configuration, and do some live demos to see them in action.
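The two mechanisms in the abstract come down to configuration data: a seccomp profile that Docker loads with `--security-opt seccomp=<file>`, and a subordinate UID range from `/etc/subuid` that `--userns-remap` uses to map container UIDs onto the host. The following added example (written for this page, not code from the talk or from Docker) evaluates both offline: it decides what a Docker-format profile does with a given syscall name, for a constructed whitelist profile and a constructed blacklist profile, and computes the host UID a container UID lands on. The two profiles, the `dockremap:100000:65536` subuid line, and the first-match rule for duplicate entries are assumptions made for the demo; Docker's real default profile is much longer.

```python
"""Evaluate Docker seccomp profiles and user-namespace UID remapping offline.

Added illustration for this talk abstract; not code from the talk or from
Docker. The profile shape (defaultAction, syscalls[].names or .name, action)
is the JSON Docker accepts via --security-opt seccomp=<file>; the two
profiles below are constructed for the demo and are not Docker's default.
"""
import json

# Constructed whitelist profile: every syscall fails with EPERM unless listed.
WHITELIST_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64"],
    "syscalls": [
        {"names": ["read", "write", "exit_group"], "action": "SCMP_ACT_ALLOW"},
    ],
})

# Constructed blacklist profile: everything allowed except a few dangerous
# calls. Uses the older one-"name"-per-entry form that early profiles used.
BLACKLIST_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ALLOW",
    "syscalls": [
        {"name": "mount", "action": "SCMP_ACT_ERRNO"},
        {"name": "kexec_load", "action": "SCMP_ACT_ERRNO"},
    ],
})


def seccomp_action(profile_json: str, syscall: str) -> str:
    """Return the SCMP_ACT_* action the profile applies to `syscall`.

    Entries are scanned in order and the first whose name list contains the
    syscall wins (an assumption for this demo; a sane profile never lists a
    syscall twice). Anything unmatched falls through to defaultAction.
    """
    profile = json.loads(profile_json)
    for entry in profile.get("syscalls", []):
        names = entry.get("names") or [entry["name"]]
        if syscall in names:
            return entry["action"]
    return profile["defaultAction"]


def is_allowed(profile_json: str, syscall: str) -> bool:
    """True when the profile lets the syscall through unchanged."""
    return seccomp_action(profile_json, syscall) == "SCMP_ACT_ALLOW"


def remap_uid(subuid_line: str, container_uid: int) -> int:
    """Map a UID inside a user namespace to the host UID it really is.

    `subuid_line` is one /etc/subuid entry "user:start:count", the range the
    daemon reads for the --userns-remap user. Container UID 0 becomes host
    UID `start`; a UID outside the range has no host identity at all, which
    is why files owned by such UIDs show up as "nobody"-style overflow IDs.
    """
    user, start, count = subuid_line.strip().split(":")
    start, count = int(start), int(count)
    if not 0 <= container_uid < count:
        raise ValueError(f"uid {container_uid} is outside {user}'s {count}-uid range")
    return start + container_uid


if __name__ == "__main__":
    for name in ("read", "mount", "kexec_load"):
        print(f"whitelist {name}: {seccomp_action(WHITELIST_PROFILE, name)}")
        print(f"blacklist {name}: {seccomp_action(BLACKLIST_PROFILE, name)}")
    # Constructed subuid entry: what `dockremap` typically gets on a fresh host.
    print("container root runs as host uid", remap_uid("dockremap:100000:65536", 0))
```

The two profiles show why the whitelist form is the safer default: a syscall the profile author never heard of is denied by the whitelist profile and silently permitted by the blacklist one, so a blacklist has to be revisited every time the kernel grows a new entry point. The UID helper makes the other half concrete: a file written by container root under remapping is owned by host UID 100000, not 0, which is exactly what a host-side audit of bind-mounted paths should expect to see.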