sec4dev Hands on Session – Creating a simple but secure Linux container
Modern container orchestrators like Kubernetes, Docker or LXC work like magic. We run a simple command or submit a declaration file and the system pops up the requested application – but what is happening behind the scenes? Which Linux features are leveraged to create something we call a container?
In yesterday’s sec4dev session, Reinhard Kugler (SBA Research) created a simple but secure Linux container from scratch. He discussed the moving parts, such as namespaces, capabilities and cgroups, and how to dodge the pitfalls and challenges that come up along the way.