Open Source Summit North America 2018

Running containers without the need for root privileges is fairly attractive, as it can protect the system from potential security bugs in the runtime through principle-of-least-privilege. Also, the ability for any user to spawn up a container allows usage in enterprise multi-tenant environments where even the security of the container runtime is not necessarily trusted.

In this talk, Aleksa and Akihiro will provide a review of the current state of the art in rootless containers and an overview of current techniques being used and problems that are currently being worked on (both in userland and in kernel-space). The main topics of discussion will be the topic of privileged filesystem emulation, removing the need for suid binaries, and work done on a rootless userland networking stack using TAP interfaces.  Finally, a discussion of rootless Kubernetes will be touched on with regard to the remaining
roadblocks.