O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Containers from scratch

162 visualizações

Publicada em

Containers from scratch by Liz Rice

What is a container? Is it really a “lightweight VM”? What happens when you type in "docker run"? In this talk you'll see exactly what a container is, as Liz builds one from scratch in a few lines of Go code. You'll learn what's happening under the covers when you start a container, and understand how namespaces, controls and chroot each contribute to the making of a container, We'll also cover what it means to run a privileged or non-privileged container.

Publicada em: Tecnologia
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Containers from scratch

  1. 1. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved. @LizRice | @AquaSecTeam Containers from scratch Liz Rice Aqua Security
  2. 2. docker run <image>
  3. 3. 3@lizrice Build my own container in Go ■ Namespaces ■ Chroot ■ Cgroups
  4. 4. 4@lizrice Namespaces ■ What you can see ■ Created with syscalls ○ Unix Timesharing System ○ Process IDs ○ Mounts ○ Network ○ User IDs ○ InterProcess Comms
  5. 5. 5@lizrice CGroups ■ What you can use ■ Filesystem interface ○ Memory ○ CPU ○ I/O ○ Process numbers ○ ...
  6. 6. :(){ :|: & };:
  7. 7. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved. @LizRice | @AquaSecTeam github.com/lizrice/containers-from-scratch github.com/aquasecurity/microscanner @LizRice | @AquaSecTeam