How Containers Contain

Presented at LayerOne 2017, May 27, 2017, 4 p.m. (60 minutes)

An introduction to the underlying technologies being used by most container frameworks. The presentation covers the basics of kernel namespaces, cgroups, kernel capabilities, and chroots. This presentation will demonstrate how to use each technology independently and combined to restrict resource usage of a process or groups of processes, allow non root users to carry out privileged tasks in a secure fashion, isolate a process or groups of processes from others, restrict a process or group of processes view of a file system and more! There will be an emphasis on security and system hardening using these technologies.


  • z0rro
    Kyeho is a blue teamer by day. He helps run DC562.


Similar Presentations: