Exploring Container Mechanisms Through the Story of a Syscall
Talk Title | Exploring Container Mechanisms Through the Story of a Syscall |
Speakers | Alban Crequy (CTO, Kinvolk) |
Conference | KubeCon + CloudNativeCon Europe |
Location | Copenhagen, Denmark |
Date | Apr 30-May 4, 2018 |
URL | Talk Page |
Slides | Talk Slides |
Alban will explore different container mechanisms on Linux by following a simple example: what happens when an application in a Kubernetes pod performs a syscall such as "open()"? In particular, he will go through the following subsystems: SELinux LSM, seccomp-bpf, capabilities, overlayfs and copy-on-write, and path lookups in the container mount namespace. He will also look at how this interacts with different pod configurations.