Rootless Containers with runC

Presented by Aleksa Sarai
Thursday 4:35 p.m.–5:20 p.m.
Target audience: Developer

Abstract

Essentially all popular container runtimes require some form of root privileges in order to create and manage containers. This becomes a problem for certain systems, where administrators are hesitant to install any software, let alone a container runtime -- many of which allow for privileged containers without authentication.

In this talk, Aleksa Sarai will describe recent work done within runC by himself and other maintainers to allow people to use rootless containers with a well-supported container runtime, as well as discussing challenges discovered by this work and kernel work which is being done to alleviate these challenges and bring a new form of containers to users and developers. In addition, he will briefly talk about image formats and the management of images without privileges as well.

Presented by

Aleksa Sarai

website twitter

Aleksa Sarai is a maintainer of runC, and a long-time contributor to the Open Container Initiative as well as Docker. In addition, he's contributed to the Linux kernel as part of his work on containers. He works on the containers team at SUSE, maintaining runC, Docker and related software for both SUSE Linux enterprise and openSUSE; he is also committed to working in the open, and is a strong proponent of Free Software. In his spare time, he is also studying Physics and Computer Science at the University of Sydney, doing various research projects in various areas of theoretical and experimental physics.

Sponsors

We thank our Emperor Penguin sponsors for their generous contribution to linux.conf.au 2017.

Other Sponsors

©2016 Linux Australia and linux.conf.au 2017. Linux is a registered trademark of Linus Torvalds. Site design by Takeflight. Image credits can be found on our Colophon.