To Learn More or Register: LinuxCon North America | CloudOpen North America
Wednesday, August 20 • 2:30pm - 3:20pm
Is It Safe To Run Applications In Linux Containers? - Jerome Petazzoni, Docker


Virtual machines are generally considered secure. At least, secure enough to power highly multi-tenant, large-scale public clouds, where a single physical machine can host a large number of virtual instances belonging to different customers. Containers have many advantages over virtual machines: they boot faster, have less performance overhead, and use fewer resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting a new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations.

We will show techniques to harden Linux Containers, including kernel capabilities, mandatory access control, hardened kernels, user namespaces, and more, and discuss the remaining attack surface.


Speakers

Jerome Petazzoni

Tinkerer Extraordinaire, Docker Inc.
Jerome works at Docker, where he helps others to containerize all the things. In another life he built clouds when EC2 was just the name of a plane, developed a GIS to deploy dark fiber through the French subway, managed commando deployments of large-scale video streaming systems in bandwidth-constrained environments such as conference centers, operated and scaled the dotCloud PAAS, and other feats of technical wizardry. When annoyed he threatens...


Wednesday August 20, 2014 2:30pm - 3:20pm
Sheraton Ballroom III