From YouTube: UniMatrix Technical Board Call 2021-08-31
A: Okay, so let's get started then. So the agenda for today is the security, container security, I would say, unless you want to widen the discussion. So I'm sorry to say that from Axis side we don't have.
B: Yeah, so, yeah, in addition, so could you please bring back the discussion right there, and if you can, could you please get the feedback from the security expert in Axis? Okay.
A: Yeah, okay, but I have written down some general recommendations from Axis side that we can discuss around. Or does anyone else have a presentation or something to come?
B: So, first of all, I would like to share the progress of our investigation and the issues to be solved. Hassan, could you please do the presentation?
A: Okay, so, okay, yeah, then we'll start off with iPro and then High Vision, and then I'll bring my presentation.
D: Okay, so here is the potential risk that iPro is facing when we're trying to avoid the risk.
D: Our concern is that, because our containers require some permission to access the system-based partitions, remember these partitions.
D: So we are concerned about how we can protect our worker node, because in real life maybe the hacker can attack the master node. I assume so: when the master node is hijacked by the hacker, he can deploy some pods that have full permissions to access the system, and so from that he can fully...
D: ...can change, control the worker node, all the worker nodes in the cluster. And currently I only found that there are several methods to improve the security in the orchestration system like Kubernetes or k3s, for example using rootless, or you can set the users or permissions via the namespace, or using role-based access controls, or you can deploy read-only pods that are only allowed to read instead of changing the root contents.
D: So our problem is how we can avoid the damage to the worker nodes when the master has problems, has been occupied by the hacker.
D: So we have several ideas. So this is our first approach: because we assume that the master node was occupied, we want to increase the security of the worker node so it can actively protect itself against the master in the case that, you know, control is lost.
D: So our target here is that we will focus on the container runtime. We will improve the security for the container runtime, and here we selected the trial, and the function that we want to add to improve the security is that we want to fully control the volume mounting function abilities, and also we will disable the privileged pod permissions, so at least this can prevent the master node deploying pods that have the privileged permissions.
D: So, with this target, we have two methods. Method one: I think we can use some control from the Linux kernel security modules like AppArmor or similar modules, but with this approach we have to add some additional libraries or dependencies, and also we maybe have to change something in our kernels, so we want to avoid it at first.
D: The second method is that we focus on the hostPath mounting functions. Actually, in case... yes, we can use hostPath by setting up and directly using the hostPath volume source, or we can use it via the persistent volume.
D: We focus on this, and at least with this first approach we can reduce the security risk that the attacker can utilize via the hostPath functions.
D: But after the previous methods, we found they have some issues that we need to consider, and I think with this point here, in the case that the hacker can create a fake pod, I mean he deploys a pod that has the same or quite similar permissions to the normal pod, then maybe he can freely access the system base without any acknowledgement from the worker node.
D: So with this point, we still don't have the solution to prevent this kind of attack. So that's all from me. Do you have any questions?
B: For your reference, iPro is continuously investigating the security of the container orchestration, and maybe the final output would be shared at the end of December, maybe.
A: Can we split this into two parts, one more general, which is the container runtime, and one regarding Kubernetes?
A: Because the security problem is general, right, so even if you're not using Kubernetes... Yes, so I think, because, at least from our side, we have not decided to use Kubernetes at all.
D: Yes, so remember that from Axis you're gonna use Ansible and container.
A: Yeah, well, answer all this one way, I mean, so we don't actually have a specific device requirement for the orchestration. We're just using our already existing APIs, but that's not a standardized API, so that's part of our native APIs for managing devices and so on.
B: In this meeting, maybe we will not discuss the unification of the ecosystem so far, so we only have to provide the users the selection choices.
B: Maybe the ecosystem can be selected by the integrators freely. Therefore, in case of iPro, I will try to use Kubernetes, and in addition, in case of Axis, they try to use Ansible and the container, maybe Docker, and therefore, so far, we try to share both of them with the users.
B: It means we should provide both of the reference implementations. So in this meeting I would like to discuss the security, and of course, according to the investigation until now, iPro found several issues about the Kubernetes security. However, we will continuously investigate the security of Kubernetes, and we will solve all issues by UniMatrix version 1.0.
B: Okay, therefore, in this meeting we should focus on the security implementation and not on the choice of the ecosystem. Okay.
A: Should we agree on the general security recommendations, the general security measures that we want to promote?
B: Yeah, after this meeting I will upload this document on the GitHub, in that meeting directory. Thank you.
B: Okay, it's Dora-san's turn. Could you please?
C: Okay, we maybe present something different from your side, and my colleague Leo will give the presentation.
E: So, in our view, we have a different view from the Panasonic approach. We think, in our opinion, on our device we want to protect our resources on our device, like CPU, memory, IO device, network and system call, and file and capability.
E: The first: CPU and memory and IO device. Limiting the usage of CPU and memory is the basic capability of the container technologies, and CPU cycles in a container are controlled through the CPU cgroup, like cpu.cfs_period_us and cpu.cfs_quota_us, and we can set a maximal memory usage through memory.max_usage_in_bytes, but this is in the cgroup system and filesystem interface. And for IO devices, mount /dev in the /dev directory in the container and set permissions through the cgroup device controller.
E: This is an example, and our entry is added using devices.allow and removed using devices.deny. For instance, we can echo this into the cgroup interface, so this means allow the cgroup to read and mknod the device 1:3, usually known as /dev/null, and doing echo a to the filesystem like this means we'll remove all the other device permissions.
E: This container is in a different network namespace from the host container, and net and host are connected by the veth pair, so the container, so the internet couldn't access the container through the network.
E: And about this, it's called using seccomp. Seccomp is secure computing; it's a computer security facility in the kernel which allows a process to make a one-way transition into a secure state where it cannot make any system call except exit, sigreturn, read, write to an already open file descriptor, and we can enable this mode through the seccomp syscall.
E: And sigreturn and the exit_group syscall. So if this program wants to get the PID from the kernel, it will return fail. When the final program is complete and run, you can see.
E: Then we save the configuration file and try to load the container with the second configuration above. Then we can run the Docker command and load this configuration file. So in this container we deny the chmod syscall, so the container will return fail when it wants to chmod, when you want to change the mode of a file in the container. The last is about file and capability.
A: Yeah, one comment: I mean AppArmor and seccomp. You have different sections on that, but they are basically doing similar things, that, I mean, seccomp is also an LSM, so it's either... Actually you can use both of them at the same time, I guess; it's a kernel option that you enable. So both of them are syscall... provide preventing syscalls. I think AppArmor can also do more things. AppArmor can, for example, also filter access to D-Bus services.
A: Can we decide on one LSM, or shall we allow different vendors to support different LSMs, so that we have to support both AppArmor and seccomp? Or can we decide on one? From Axis side we have looked mostly at AppArmor and are leaning towards that one, actually.
A: Yeah, but the problem is that, let's say you make an application that is supposed to run on a camera, and then one camera is using seccomp and another camera is using AppArmor, and basically that application will have to provide an AppArmor profile and a seccomp profile, both of these kinds of profiles, to be able to run with the container runtime. But these things can be automatically generated by some...
C: Yeah, here the AppArmor, we just give an example, and...
A: Yeah, but independently, if you're using an LSM like AppArmor or seccomp, the same principle, this is global in your system, so independently if they run in a container or if they run natively on the OS, you have to provide, when you run an application, even if it's inside the container or outside.
A: You have to use this seccomp profile or AppArmor profile when you run, so that you're telling this system, okay, that these things will be accessed by this application, and then it allows to enable it.
A: All right, so I just wrote down some general security recommendations. All of this is not completely defined, I guess, but I think we should just scan our containers for known vulnerabilities. This is a service that is provided by some registries already, like Docker Hub.
A: I think also GitLab allows this. I'm not sure if it's allowed in our current... I think we have GitLab Gold.
A: So yeah, that's one thing we should also have a look at. I'm not sure how good GitLab's security scanning is. And another thing is to reduce the attack surface by minimizing the containers. So, for example, there's a tool called docker-slim which does this. It checks whatever libraries an application is using and...
A: ...things like AppArmor profiles, so it will check whatever system calls your application is making and create an AppArmor profile for the application that you can include. The same thing for seccomp, I think; I haven't tried this part myself. I've used docker-slim to kind of minimize the runtime containers that we have in our samples, like for larod and for D-Bus and so on.
A: So this can be quite easily done by enabling some compiler flags and linker flags, at the cost of some runtime cost. I think you can lose like five to ten percent, from what I've seen, depending on which flags you enable. And then we come to the LSMs. So I think we should generate profiles either for AppArmor or for seccomp or for both of them, so when you write an application you will include...
A: And then number five is: we should use the user namespace so that the container root is not the system root.
B: So this is described by you, right?
B: Yeah, yeah, yeah, and so Hassan and Dora-san explained their thinking, and so what are the lacking items for the...
A: ...gets stuck or something, it can occupy the whole CPU. So that's something that we might want to control in an app manifest as well. So I think in the last bullet I have something about a manifest. I think we should maybe discuss that at some point.
B: So what I would like to say is to modify these recommendations based on the presentations of Dora-san and Hassan, and so the concrete method should be described in each item, one, two, three, four, five, six, seven! Maybe, I don't...
A: ...know. So the question is how much freedom we should give the device...
A: ...calling it recommendations because right now it seems like there's quite a lot of difference between manufacturers in how we do different things, and so these are more like recommendations and you don't have to follow them.
B: However, Dora-san suggested AppArmor and seccomp, both of them are okay for the integrators, so I agree with Dora-san. So of course we should provide the...
B: ...rights of the selection to the integrators. Therefore, maybe you should list both of them in the paragraph, and so maybe...
B: We should write the essential elements of UniMatrix and, in addition, the concrete method for each item.
A: I'm not sure I should do all of that, so I can take care of a few of these, but also I'm not sure we are... I mean, at this point I still think this is up in the air to be decided. It's not... These are just the six bullets that I wrote down, just some that came from the top of my head. I'm sure there are more things to think about, so at this point I'm not sure if we can make something really concrete, but yeah, I can.
B: Before that, can I discuss another topic? Okay.
B: The dbus-broker is greater than dbus-daemon, and the reason is the high reliability and low memory consumption.
B: Therefore, we would try to introduce dbus-broker to UniMatrix, and so far our larod needs D-Bus and systemd, and so, even if the dbus-broker is introduced, larod can't work correctly.
B: So also, we need to confirm the operation of larod on our system.
B: Didn't you find any problem about systemd?
B: Okay, anyway, please try to confirm the behavior by using the dbus-broker, right? Yes, okay, yes, okay. I'm sorry, Frederickson! So I misunderstood something.
A: Okay, now the problem with... oh, not a problem, but if we should use dbus-broker we have to write our own, because dbus-broker doesn't access the file system at all. It requires you to give it some file descriptors.
A: So you, some other program, must open these files, the D-Bus system socket. So it's probably not a lot of work to do that, but I had a look, and I just found it was much easier for me to use dbus-daemon for the sample. But it's definitely possible to use dbus-broker; then someone has to write a small launcher that will open the socket, or create it if it's needed, and then pass it on to dbus-broker.
B: Okay, so let's continue our investigation.
A: Okay, so let's discuss the next meeting. I propose to move back to Wednesday because our security guys are not available on Tuesdays, so I suggest having the next telco on the 15th at the same time, so the 15th of September at...
A: Okay, then we'll book that. Really, can you make the booking? Every... 15th, yes, September, at which time? It was one o'clock, at one o'clock UTC? Yes, yeah! I will do it. Okay, perfect!