Are containers that we have now secure enough? / Linux Plumbers Conference: Developing the Kernel, Libraries and Utilities

Are containers that we have now secure enough?

This proposal has been accepted as a session.

Accepted Session

Containers

Microconference Session

One Line Summary

Let's discuss what security aspects we may have with existing implementation of containers in the kernel

Abstract

Preliminary list of topics

no control over kernel memory
veth networking is not safe enough or slow (e.g. — IP spoofing)
no selinux virtualization
mixture of 64 and 32 bits apps in one container

Presentation Materials

slides

Back to list of sessions

Speakers

Vladimir Davydov
Biography

Vladimir is a software engineer at Parallels working on company’s Cloud Server products. He holds a master degree in Applied Mathematics from the Moscow Institute of Physics and Technology. He now develops the kernel of the OpenVZ container virtualization system and works on its inclusion to mainline.

Sessions
- * Are containers that we have now secure enough?
  - Title: Are containers that we have now secure enough?
  - Microconference: Containers
  - Time: 9:15am
  - One Line Summary:
    Let’s discuss what security aspects we may have with existing implementation of containers in the kernel
  - slides
  - Speakers: Pavel Emelyanov, Vladimir Davydov
Pavel Emelyanov
Biography

Pavel is a principal engineer at Parallels working on company’s Cloud Server projects. He holds a PhD degree in Applied Mathematics from the Moscow Institute of Physics and Technology. He now maintains CRIU and works on its integration with other Linux containers projects.

His speaking experience includes many talks and presentations of Containers and Checkpoint/Restore projects at such conferences as LSFMM summit, Kernel Summit, LinuxCon, Plumbers and Linux Conf AU in the recent years.

Sessions
- * Updating the kernel using CRIU and KExec
  - Title: Updating the kernel using CRIU and KExec
  - Microconference: Live Kernel Patching
  - Time: 2:00pm
  - One Line Summary:
    Pros and cons of replacing the kernel seamlessly to running processes instead of live-patching it.
  - slides
  - Speakers: Pavel Emelyanov
- * Checkpoint/restore of containers with CRIU
  - Title: Checkpoint/restore of containers with CRIU
  - Microconference: Containers
  - Time: 9:25am
  - One Line Summary:
    Current status and plans for LXC/Docker and CRIU integration.
  - slides
  - Speakers: Pavel Emelyanov, Serge Hallyn, Tycho Andersen, Saied Kazemi
- * Are containers that we have now secure enough?
  - Title: Are containers that we have now secure enough?
  - Microconference: Containers
  - Time: 9:15am
  - One Line Summary:
    Let’s discuss what security aspects we may have with existing implementation of containers in the kernel
  - slides
  - Speakers: Pavel Emelyanov, Vladimir Davydov

Linux Plumbers Conf 2014

Are containers that we have now secure enough?

One Line Summary

Abstract

Presentation Materials

Speakers

Vladimir Davydov

Biography

Sessions

Pavel Emelyanov

Biography

Sessions

Welcome

Subscribe to

Sponsors

PLATINUM SPONSORS

GOLD SPONSORS

SILVER SPONSORS

T-SHIRT SPONSOR

EVENT SPONSORS

MEDIA SPONSORS