Tutorial: Using Linux Primitives to Build Your Own Containers – Stéphane Graber & Christian Brauner, Canonical Ltd.
Forum 1

Speakers: Christian Brauner, Stéphane Graber
Most people are familiar with container tools such as Docker, LXC and LXD, but few are familiar with the kernel features that enable those tools.

To better understand everything involved, we will be creating our own container, from scratch.

We start by looking at the various namespaces, what they do and how to use them together, then set up a suitable filesystem, integrate with an LSM, drop privileges and capabilities, and put restrictions in place with cgroups.

At every step, you will see what your container can do and what it probably shouldn’t be allowed to do. Through this experience you will get a better understanding of all the moving pieces that are put together to create a container.

by The Linux Foundation