Vancouver, BC, Canada
August 27 & 28 - Co-Located Events, Tutorials, Labs & Lightning Talks
August 29-31 - Conference
Friday, August 31 • 4:00pm - 4:40pm
The State of Rootless Containers - Aleksa Sarai, SUSE LLC & Akihiro Suda, NTT

Running containers without root privileges is attractive, as it can protect the system from potential security bugs in the runtime through the principle of least privilege. Also, the ability for any user to spawn a container allows usage in enterprise multi-tenant environments where even the security of the container runtime is not necessarily trusted.

In this talk, Aleksa and Akihiro will review the current state of the art in rootless containers and give an overview of the techniques in use and the problems currently being worked on (both in userland and in kernel-space). The main topics of discussion will be privileged filesystem emulation, removing the need for suid binaries, and work done on a rootless userland networking stack using TAP interfaces. Finally, rootless Kubernetes will be touched on with regard to the remaining

Aleksa Sarai

Senior Software Engineer, SUSE LLC
Aleksa Sarai is a core developer and maintainer of runc and umoci, contributor to the Open Container Initiative specifications, and a long-time contributor to Docker. In addition, he's contributed to the Linux kernel as part of his work on containers. He works on the Kubernetes core...

Akihiro Suda

Software Engineer, NTT
Akihiro Suda is a software engineer at NTT Corporation. He has been a maintainer of Moby (dockerd), BuildKit, containerd, runc, etc. He is also a founder of nerdctl and Lima (CNCF project).

Friday August 31, 2018 4:00pm - 4:40pm PDT
Room 118