Understanding User Namespaces
User namespaces are at the heart of many interesting technologies that allow isolation and sandboxing of applications, for example running containers without root privileges and sandboxes for web brow …
| Talk Title | Understanding User Namespaces |
| Speakers | Michael Kerrisk (Trainer/consultant, man7.org Training and Consulting) |
| Conference | Open Source Summit Europe |
| Conf Tag | |
| Location | Prague, Czech Republic |
| Date | Oct 21-27, 2017 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
User namespaces are at the heart of many interesting technologies that allow isolation and sandboxing of applications, for example running containers without root privileges and sandboxes for web browser plug-ins. In this presentation, we’ll look in detail at user namespaces, building up a basic understanding of what a user namespace is and going on to questions such as: what does being “superuser inside a user namespace” allow you do (and what does it not allow); what is the relationship between user namespaces and other namespace types (PID, UTS, network, etc.); and what are the security implications of user namespaces? We’ll also explore some simple shell commands that can be used for creating and experimenting with user namespaces in order to better understand how they work. We’ll conclude with a brief survey of some use cases for user namespaces.
