An introduction to the underlying technologies being used by most container frameworks. The presentation covers the basics of kernel namespaces, cgroups, kernel capabilities, and chroots. This presentation will demonstrate how to use each technology independently and combined to restrict resource usage of a process or groups of processes, allow non root users to carry out privileged tasks in a secure fashion, isolate a process or groups of processes from others, restrict a process or group of processes view of a file system and more! There will be an emphasis on security and system hardening using these technologies.