Are containers that we have now secure enough?

This proposal has been accepted as a session.


One Line Summary

Let's discuss the security aspects of the existing implementation of containers in the kernel


Preliminary list of topics

  • no control over kernel memory
  • veth networking is either not safe enough (e.g. IP spoofing) or slow
  • no SELinux virtualization
  • mixture of 64-bit and 32-bit apps in one container

Presentation Materials