September 15 - 16, 2022 | Dublin, Ireland + Virtual

Please note all session times are listed in Irish Standard Time (IST), UTC +1.

Friday, September 16 • 11:15 - 12:00
What's New in the User Namespace - Stephane Graber, Canonical Ltd. & Christian Brauner, Microsoft Corp.

The user namespace has grown a lot since its introduction some 9 years ago. However, it is still very far from ubiquitous, even in the modern container space. In this talk, we'll explore the current state of things and delve into some of the exciting developments that have recently landed or will be landing very soon. This will cover the very exciting work done on the new VFS API and VFS idmap shifting, which now makes it very easy to set up containers without having to first mangle their root filesystem and, more importantly, also allows containers relying on shared filesystem layers to be easily run unprivileged. On the security front, we'll be covering the work to better mediate the use of the user namespace, allowing LSMs to decide who can or cannot create a user namespace, as well as the recent addition of IMA namespacing, which now makes it possible to have an entire system measured and checked, containers included. We'll wrap things up by looking ahead at any other major blockers to the adoption of the user namespace and the deprecation of much less safe container options.

Stephane Graber

Project leader for LXD, Canonical Ltd.
Stéphane Graber is the upstream project leader for LXC and LXD at Canonical and a frequent speaker and track leader at events related to containers and Linux. Stéphane is a longtime contributor to the Ubuntu Linux distribution as an Ubuntu core developer and previous Ubuntu technical...
Christian Brauner

Principal Software Engineer, Microsoft Corp.
Christian Brauner is a kernel developer and maintainer of the LXD and LXC projects currently working at Microsoft. He works mostly upstream on the Linux Kernel maintaining various bits and pieces. He is strongly committed to working in the open, and an avid proponent of Free Software...

Friday September 16, 2022 11:15 - 12:00 IST
Liffey A (Level 1)
  Refereed Presentations
  • Speaker Details In Person
  • Presentation Slides Attached Yes