To Learn More or Register: LinuxCon North America | CloudOpen North America
Wednesday, August 20 • 2:30pm - 3:20pm
Is It Safe To Run Applications In Linux Containers? - Jerome Petazzoni, Docker


Virtual machines are generally considered secure, or at least secure enough to power highly multi-tenant, large-scale public clouds, where a single physical machine can host a large number of virtual instances belonging to different customers. Containers have many advantages over virtual machines: they boot faster, have less performance overhead, and use fewer resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting a new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations.

We will show techniques to harden Linux Containers, including kernel capabilities, mandatory access control, hardened kernels, user namespaces, and more, and discuss the remaining attack surface.


Speakers

Jérôme Petazzoni

Tinkerer Extraordinaire, Docker Inc.
Jérôme works at Docker, where he helps others to containerize all the things. He was part of the team that built, scaled, and operated the dotCloud PAAS, before it became Docker. When he's not glued to a computer screen, he collects musical instruments. He can passably murder the...


Wednesday August 20, 2014 2:30pm - 3:20pm
Sheraton Ballroom III
