Containers from scratch

Containers from scratch by Liz Rice

What is a container? Is it really a “lightweight VM”? What happens when you type in "docker run"? In this talk you'll see exactly what a container is, as Liz builds one from scratch in a few lines of Go code. You'll learn what's happening under the covers when you start a container, and understand how namespaces, cgroups and chroot each contribute to the making of a container. We'll also cover what it means to run a privileged or non-privileged container.

Published in: Technology

  1. Containers from scratch. Liz Rice, Aqua Security. @LizRice | @AquaSecTeam. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.
  2. docker run <image>
  3. Build my own container in Go
       ■ Namespaces
       ■ Chroot
       ■ Cgroups
  4. Namespaces
       ■ What you can see
       ■ Created with syscalls
           ○ Unix Timesharing System
           ○ Process IDs
           ○ Mounts
           ○ Network
           ○ User IDs
           ○ InterProcess Comms
  5. CGroups
       ■ What you can use
       ■ Filesystem interface
           ○ Memory
           ○ CPU
           ○ I/O
           ○ Process numbers
           ○ ...
  6. :(){ :|: & };:
  7. github.com/lizrice/containers-from-scratch
     github.com/aquasecurity/microscanner
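
Slides 4 to 6 in code, as an added example that is not taken from the talk or its repository: the child gets the six namespaces listed on slide 4, and the process-number cgroup from slide 5 is the control that bounds the fork bomb on slide 6. The cgroup path `/sys/fs/cgroup/pids/demo`, the limit of 20 and the `/bin/sh` command are assumptions chosen for illustration; chroot is left out. Linux only.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"strconv"
	"syscall"
)

// containerAttr requests the namespaces listed on slide 4 for a child process.
func containerAttr() *syscall.SysProcAttr {
	return &syscall.SysProcAttr{
		Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS |
			syscall.CLONE_NEWNET | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER,
		// Root inside the container maps to the calling user outside it.
		UidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: os.Getuid(), Size: 1}},
		GidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: os.Getgid(), Size: 1}},
	}
}

// limitPids caps process numbers through the cgroup filesystem interface; pid joins dir.
func limitPids(dir string, max, pid int) error {
	if max < 1 {
		return fmt.Errorf("pids.max must be >= 1, got %d", max)
	}
	if err := os.MkdirAll(dir, 0o755); err != nil {
		return err
	}
	if err := os.WriteFile(filepath.Join(dir, "pids.max"), []byte(strconv.Itoa(max)), 0o644); err != nil {
		return err
	}
	return os.WriteFile(filepath.Join(dir, "cgroup.procs"), []byte(strconv.Itoa(pid)), 0o644)
}

func main() {
	// Assumed path; writing here needs root. Children inherit the cgroup.
	if err := limitPids("/sys/fs/cgroup/pids/demo", 20, os.Getpid()); err != nil {
		fmt.Fprintln(os.Stderr, "cgroup:", err)
		os.Exit(1)
	}
	cmd := exec.Command("/bin/sh")
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	cmd.SysProcAttr = containerAttr()
	if err := cmd.Run(); err != nil {
		fmt.Fprintln(os.Stderr, "run:", err)
		os.Exit(1)
	}
}
```

With the limit in place, a runaway process tree inside the shell hits `pids.max` and further forks fail instead of exhausting the host's process table.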