Checking your --privileged container

Presented at BSidesSF 2021 Virtual, March 9, 2021, 1:05 p.m. (25 minutes).

Streaming at [https://youtu.be/wa\_T8vAv9kg](https://youtu.be/wa_T8vAv9kg) Join us at [r/BSidesSF](https://reddit.com/r/BSidesSF) on Reddit for live AMA style Q&A (2020) Docker provides a convenient --privileged flag to create "privileged containers" but what does it actually do? In this talk, we will explain the internals of how docker provides isolation, and what happens when these security features are disabled. Spoiler alert: trivial container escapes.

Presenters:

  • Maya Kaczorowski
    Maya is a Product Manager at GitHub in software supply chain security. She was previously in Security & Privacy at Google, focused on container security, and encryption at rest and encryption key management. Prior to Google, she was an Engagement Manager at McKinsey & Company, working in IT security for large enterprises. She completed her Master's in mathematics focusing on cryptography and game theory. Outside of work, Maya is passionate about ice cream, puzzling, running, and reading nonfiction.
  • Sam "Frenchie" Stewart
    Frenchie is far too biased to answer this question, and instead chooses to break the 4th wall. Originally from Batmania, live[d|s] in San Secuestro, now in Middle Earth. Currently Infrastructure Security @ Brex. Previously, Infrastructure Security Engineering Manager at Cruise. Shipped https://github.com/cruise-automation/k-rail

Links:

Similar Presentations: