Description

Want to view more sessions and keep the conversations going? Join us for KubeCon + CloudNativeCon North America in Seattle, December 11 - 13, 2018 (http://bit.ly/KCCNCNA18) or in Shanghai, November 14-15 (http://bit.ly/kccncchina18).

Exploring Container Mechanisms Through the Story of a Syscall - Alban Crequy, Kinvolk (Intermediate Skill Level)

Alban will explore different container mechanisms on Linux by following a simple example: what is happening when an application in a Kubernetes pod performs a syscall such as “open()”? In particular, he will go through the following subsystems: SELinux LSM, seccomp-bpf, capabilities, overlayfs and copy-on-write, and path lookups in the container mount namespace. He will see how it interacts with different pod configurations.

About Alban
Originally from France, Alban currently lives in Berlin where he is a CTO & co-founder at Kinvolk, a software engineering team focused on building foundational Linux technologies for the cloud. He is a contributor to rkt, a container runtime for Linux, Weave Scope, a container visualization & monitoring tool, and is actively working on BPF-related projects. Before falling into containers, Alban worked on various projects core to modern Linux; kernel IPC and storage, dbus performance and security, etc. His current technical interests revolve around networking, security, systemd and containers at the lower-levels of the system. Alban previously gave talks at several conferences including FOSDEM, Linux Plumbers, IO Visor Summit, Kubecon and LinuxCons/OSSummit.
Join us for KubeCon + CloudNativeCon in Barcelona May 20 - 23, Shanghai June 24 - 26, and San Diego November 18 - 21! Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy and all of the other CNCF-hosted projects.