Room 2

13:15 - 14:15 (UTC+02)

Talk (60 min)

Containers as an Illusion - Part I

One goal of containers is to provide an illusion: that a group of processes is in a world of their own, and that there are no other processes on the system. In this presentation, I briefly describe how a range of Linux features--namespaces, capabilities, cgroups (control groups), and seccomp--are used to support the creation of that illusion. Along the way, there'll be a lot of live demos illustrating how these mechanisms support the creation of the illusion.

Software Design

Michael Kerrisk

Michael Kerrisk is a trainer, author, and programmer who has a passion for investigating and explaining software systems. He is the author of "The Linux Programming Interface", a widely acclaimed book on Linux (and UNIX) system programming. He has been actively involved in the Linux development community since 2000, operating mainly in the area of testing, design review, and documentation of kernel-user-space interfaces. Since 2004, he has maintained the Linux "man-pages" project, which provides the primary documentation for Linux system calls and C library functions. Michael is a New Zealander, living in Munich, Germany, from where he operates a training business providing low-level Linux programming courses in Europe, North America, and occasionally further afield.