uidshift

Linux containers and user namespaces – Part 2

    In our last blog post we gave you a short introduction to Linux namespaces. Part 2 goes deeper into user namespaces and the problems that Linux containers face today. Among them, resource accounting and container privileges are top culprits. Currently, processes on the host may still share some resource accounting with processes inside containers. The question of how many processes the same user and owner of containers must have is one of many examples.


Linux containers and user namespaces – Part 1

    Containers are lightweight virtualization tools that give the illusion of separation and isolation to processes. They are not a security technology, but they do offer some isolation, such as for filesystem and network operations, using Linux namespaces. However, as more containers are deployed we continue to find problems that need to be addressed. Among them, resource accounting and container privileges are top culprits. For now we will give you a quick overview of Linux namespaces.
