Linux Conf AU 2018 Notes - Day 5

Keynote: Containers aka crazy userspace fun

Talk overview


  • Slides
  • contained.af
  • seccomp, apparmor, selinux etc
  • Make containers small
  • Shared namespaces: strace another container (shared PID namespace)
  • Intel clear containers are really VMs
  • rootless containers
  • What if we could apply the security principles for secure containers to programming languages?
  • Syscall profiling at build time rather than runtime (for golang) Relevant
  • metaparticle.io

nftables - from a users perspective


  • Replacement for iptables
  • iptables-translate
  • nftables

