Challenges of Using User Namespaces at Big Scale

Поделиться
HTML-код
  • Опубликовано: 26 сен 2024
  • Presenters: Mauricio Vásquez, Kinvolk
    Running a process as root inside containers is a security risk: if such a process is able to break out of the container into the host, it can cause considerable damage as it will be running as a privileged user there.
    User namespaces are a solution for this problem as they isolate user and group IDs, a process running as root in a container runs as non-root in the host. The OCI specification and projects like runc, containerd and cri-o support them, but Kubernetes doesn’t.

Комментарии •

Следующие
Автовоспроизведение
CoreOS vs Fedora IoT27:46CoreOS vs Fedora IoT
CoreOS vs Fedora IoTRed Hat Community
Просмотров 856
bootc - A new project for bootable containers - Container Plumbing Days 202334:02bootc - A new project for bootable containers - Container Plumbing Days 2023
bootc - A new project for bootable containers - Container Plumbing Days 2023Red Hat Community
Просмотров 1,4 тыс.
Lightning talks - Container Plumbing Days24:53Lightning talks - Container Plumbing Days
Lightning talks - Container Plumbing DaysRed Hat Community
Просмотров 104
Overwatch 2 x My Hero Academia | Collaboration Trailer00:29Overwatch 2 x My Hero Academia | Collaboration Trailer
Overwatch 2 x My Hero Academia | Collaboration TrailerPlayOverwatch
Просмотров 533 тыс.
I Thought this would be Safe!16:41I Thought this would be Safe!
I Thought this would be Safe!colinfurze
Просмотров 926 тыс.
Hurricane Helene 11 a.m. update - Thursday Sept 2606:39Hurricane Helene 11 a.m. update - Thursday Sept 26
Hurricane Helene 11 a.m. update - Thursday Sept 26NBC2 News
Просмотров 54 тыс.
Major Hurricane Helene As It Happened, Part 1...11:43:58Major Hurricane Helene As It Happened, Part 1...
Major Hurricane Helene As It Happened, Part 1...Ryan Hall, Y'all
Просмотров 3,7 млн
Future of CRI and Container Runtimes - Container Plumbing Days48:30Future of CRI and Container Runtimes - Container Plumbing Days
Future of CRI and Container Runtimes - Container Plumbing DaysRed Hat Community
Просмотров 163
4 JavaScript Projects under 4 Hours | JavaScript Projects For Beginners | JavaScript | Simplilearn3:44:174 JavaScript Projects under 4 Hours | JavaScript Projects For Beginners | JavaScript | Simplilearn
4 JavaScript Projects under 4 Hours | JavaScript Projects For Beginners | JavaScript | SimplilearnSimplilearn
Просмотров 356 тыс.
SQL Joins Explained in Live Online Class | Left, Right, Inner, Outer| Introtallent1:07:47SQL Joins Explained in Live Online Class | Left, Right, Inner, Outer| Introtallent
SQL Joins Explained in Live Online Class | Left, Right, Inner, Outer| IntrotallentIntrotallent Training
Просмотров 308
Viral Video of a Man's Crazy Job Interview16:02Viral Video of a Man's Crazy Job Interview
Viral Video of a Man's Crazy Job InterviewDarryl Vega TV
Просмотров 997 тыс.
Business Analyst Full Course [2024] | Business Analyst Tutorial For Beginners | Edureka3:28:05Business Analyst Full Course [2024] | Business Analyst Tutorial For Beginners | Edureka
Business Analyst Full Course [2024] | Business Analyst Tutorial For Beginners | Edurekaedureka!
Просмотров 268 тыс.
Container IMA using eBPF - Container Plumbing Days 202328:43Container IMA using eBPF - Container Plumbing Days 2023
Container IMA using eBPF - Container Plumbing Days 2023Red Hat Community
Просмотров 228
WE GOT ACCESS TO GPT-3! [Epic Special Edition]3:57:17WE GOT ACCESS TO GPT-3! [Epic Special Edition]
WE GOT ACCESS TO GPT-3! [Epic Special Edition]Machine Learning Street Talk
Просмотров 309 тыс.
Eiffel Summit 2024 - Filtering and Scaling of Eiffel1:18:42Eiffel Summit 2024 - Filtering and Scaling of Eiffel
Eiffel Summit 2024 - Filtering and Scaling of EiffelEiffel Community
Просмотров 18
Jenkins Full Course | Jenkins Tutorial For Beginners | Jenkins Tutorial | Simplilearn2:56:07Jenkins Full Course | Jenkins Tutorial For Beginners | Jenkins Tutorial | Simplilearn
Jenkins Full Course | Jenkins Tutorial For Beginners | Jenkins Tutorial | SimplilearnSimplilearn
Просмотров 1,3 млн
Офицер, я всё объясню01:00Офицер, я всё объясню
Офицер, я всё объяснюИстория одного вокалиста
Просмотров 2,4 млн
TUTORIAL Fly objects #TREND 😂 #trend #magic #tutorial #backstage #creative#shorts00:16TUTORIAL Fly objects #TREND 😂 #trend #magic #tutorial #backstage #creative#shorts
TUTORIAL Fly objects #TREND 😂 #trend #magic #tutorial #backstage #creative#shortsPaky Official
Просмотров 331 тыс.
I don't really like the shoes my daughter made for me. #funny #cute #comedy00:12I don't really like the shoes my daughter made for me. #funny #cute #comedy
I don't really like the shoes my daughter made for me. #funny #cute #comedyFunny daughter's daily life
Просмотров 1,5 млн
ДРУГ СКИНУЛ ПЛЕЙЛИСТ #прикол #юмор00:32ДРУГ СКИНУЛ ПЛЕЙЛИСТ #прикол #юмор
ДРУГ СКИНУЛ ПЛЕЙЛИСТ #прикол #юморБионическая Россия
Просмотров 690 тыс.
Новая BMW 5 провал за 10 млн! ИЛИ?..32:07Новая BMW 5 провал за 10 млн! ИЛИ?..
Новая BMW 5 провал за 10 млн! ИЛИ?..Автосалон Синдиката
Просмотров 489 тыс.
От iPhone 16 такого не ожидал никто!00:43От iPhone 16 такого не ожидал никто!
От iPhone 16 такого не ожидал никто!ÉЖИ АКСЁНОВ
Просмотров 1,4 млн
Веллер. Как Трамп закончит войну за 24 часа, русский яд для Кадырова, агент КГБ Меркель, харя Шольца49:13Веллер. Как Трамп закончит войну за 24 часа, русский яд для Кадырова, агент КГБ Меркель, харя Шольца
Веллер. Как Трамп закончит войну за 24 часа, русский яд для Кадырова, агент КГБ Меркель, харя ШольцаВ гостях у Гордона
Просмотров 667 тыс.
МОЛОДАЯ ЖЕНА НАГРУЗКА #советдня #мудрость #мотивациянауспех #вау #юмор00:25МОЛОДАЯ ЖЕНА НАГРУЗКА #советдня #мудрость #мотивациянауспех #вау #юмор
МОЛОДАЯ ЖЕНА НАГРУЗКА #советдня #мудрость #мотивациянауспех #вау #юморKURUCHBRO
Просмотров 603 тыс.