Can applications contain themselves?

Presented at Kiwicon X: The Truth is In Here (2016), Nov. 17, 2016, 5:45 p.m. (15 minutes)

Containers are all the rage right now, but at the heart of them is just Linux cgroups and namespaces, so code. This talk will cover an experimental wrapper of the go build toolchain that will allow your application to contain itself. Some interesting things can be gained from this method including a perfect seccomp whitelist. Instead of just imaging a world, you can live in one where you have a perfectly static binary that is capable of isolating itself on start with namespaces, cgroups, seccomp, and apparmor.

Presenters:

• Jess Frazelle
  Type-casted as the person who runs everything in containers including desktop apps. Open source fanatic. Has been described as a "Weird sunbeam of awesome".

Links:

• https://2016.kiwicon.org/the-con/talks/#e253

Similar Presentations:

• DEF CON 23 (2015) / Linux Containers: Future or Fantasy?
• 32C3 (2015) / Check your privileges!: How to drop more of your privileges to reduce attack surface.