Exploring Container Mechanisms Through the Story of a Syscall
Alban will explore different container mechanisms on Linux by following a simple example: what is happening when an application in a Kubernetes pod performs a syscall such as open()? In particular, …
| Talk Title | Exploring Container Mechanisms Through the Story of a Syscall |
| Speakers | Alban Crequy (CTO, Kinvolk) |
| Conference | KubeCon + CloudNativeCon Europe |
| Conf Tag | |
| Location | Copenhagen, Denmark |
| Date | Apr 30-May 4, 2018 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
Alban will explore different container mechanisms on Linux by following a simple example: what is happening when an application in a Kubernetes pod performs a syscall such as “open()”? In particular, he will go through the following subsystems: SELinux LSM, seccomp-bpf, capabilities, overlayfs and copy-on-write, and path lookups in the container mount namespace. He will see how it interacts with different pod configurations.
