To Learn More or Register: LinuxCon North America | CloudOpen North America
Wednesday, August 20 • 2:30pm - 3:20pm
Is It Safe To Run Applications In Linux Containers? - Jerome Petazzoni, Docker


Virtual machines are generally considered secure, or at least secure enough to power highly multi-tenant, large-scale public clouds, where a single physical machine can host a large number of virtual instances belonging to different customers. Containers have many advantages over virtual machines: they boot faster, have less performance overhead, and use fewer resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting a new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations.

We will show techniques to harden Linux Containers, including kernel capabilities, mandatory access control, hardened kernels, user namespaces, and more, and discuss the remaining attack surface.


Speakers

Jérôme Petazzoni

Tinkerer Extraordinaire, Enix SAS
Jérôme was part of the team that built, scaled, and operated the dotCloud PAAS, before it became Docker. He worked seven years at the famous container company, wearing various hats. When he's not busy with computers, he collects musical instruments. He can arguably play the theme...


Wednesday August 20, 2014 2:30pm - 3:20pm
Sheraton Ballroom III
