Can applications contain themselves?

Presented at Kiwicon X: The Truth is In Here (2016), Nov. 17, 2016, 5:45 p.m. (15 minutes)

Containers are all the rage right now, but at the heart of them are just Linux cgroups and namespaces, so it is all just code. This talk will cover an experimental wrapper of the Go build toolchain that will allow your application to contain itself. Some interesting things can be gained from this method, including a perfect seccomp whitelist. Instead of just imagining a world, you can live in one where you have a perfectly static binary that is capable of isolating itself on start with namespaces, cgroups, seccomp, and AppArmor.


  • Jess Frazelle
    Type-casted as the person who runs everything in containers including desktop apps. Open source fanatic. Has been described as a "Weird sunbeam of awesome".

