Enabling Security via Container Runtimes

Abstract

An overview of the work performed at various levels—Linux kernel, OCI runc, containerd/cri-o and Docker—to bring core security features into the runtime layers and, where applicable, available to platforms like Kubernetes. In this talk we cover everything from seccomp to user namespaces, to cross-cutting features like rootless containers and encrypted layers.