November 25, 2019


Exploring Container Mechanisms Through the Story of a Syscall


Talk Title: Exploring Container Mechanisms Through the Story of a Syscall
Speakers: Alban Crequy (CTO, Kinvolk)
Conference: KubeCon + CloudNativeCon Europe
Location: Copenhagen, Denmark
Date: Apr 30-May 4, 2018
URL: Talk Page
Slides: Talk Slides

Alban will explore different container mechanisms on Linux by following a simple example: what is happening when an application in a Kubernetes pod performs a syscall such as “open()”? In particular, he will go through the following subsystems: SELinux LSM, seccomp-bpf, capabilities, overlayfs and copy-on-write, and path lookups in the container mount namespace. He will see how it interacts with different pod configurations.
