-
Welcome
-
Subscribe to
Are containers that we have now secure enough?
This proposal has been accepted as a session.
One Line Summary
Let's discuss what security aspects we may have with existing implementation of containers in the kernel
Abstract
Preliminary list of topics
- no control over kernel memory
- veth networking is not safe enough or slow (e.g. — IP spoofing)
- no selinux virtualization
- mixture of 64 and 32 bits apps in one container
Presentation Materials
slidesSpeakers
-
Biography
Vladimir is a software engineer at Parallels working on company’s Cloud Server products. He holds a master degree in Applied Mathematics from the Moscow Institute of Physics and Technology. He now develops the kernel of the OpenVZ container virtualization system and works on its inclusion to mainline.
Sessions
-
- Title: Are containers that we have now secure enough?
- Microconference: Containers
- Time: 9:15am
-
One Line Summary:
Let’s discuss what security aspects we may have with existing implementation of containers in the kernel
- slides
- Speakers: Pavel Emelyanov, Vladimir Davydov
-
-
Biography
Pavel is a principal engineer at Parallels working on company’s Cloud Server projects. He holds a PhD degree in Applied Mathematics from the Moscow Institute of Physics and Technology. He now maintains CRIU and works on its integration with other Linux containers projects.
His speaking experience includes many talks and presentations of Containers and Checkpoint/Restore projects at such conferences as LSFMM summit, Kernel Summit, LinuxCon, Plumbers and Linux Conf AU in the recent years.
Sessions
-
- Title: Updating the kernel using CRIU and KExec
- Microconference: Live Kernel Patching
- Time: 2:00pm
-
One Line Summary:
Pros and cons of replacing the kernel seamlessly to running processes instead of live-patching it.
- slides
- Speakers: Pavel Emelyanov
-
- Title: Checkpoint/restore of containers with CRIU
- Microconference: Containers
- Time: 9:25am
-
One Line Summary:
Current status and plans for LXC/Docker and CRIU integration.
- slides
- Speakers: Pavel Emelyanov, Serge Hallyn, Tycho Andersen, Saied Kazemi
-
- Title: Are containers that we have now secure enough?
- Microconference: Containers
- Time: 9:15am
-
One Line Summary:
Let’s discuss what security aspects we may have with existing implementation of containers in the kernel
- slides
- Speakers: Pavel Emelyanov, Vladimir Davydov
-