13:15 - 14:15 (UTC+02)
Talk (60 min)
Containers as an Illusion - Part I
One goal of containers is to provide an illusion: that a group of processes is in a world of their own, and that there are no other processes on the system. In this presentation, I briefly describe how a range of Linux features--namespaces, capabilities, cgroups (control groups), and seccomp--are used to support the creation of that illusion. Along the way, there'll be a lot of live demos showing these mechanisms at work.