Linux User Namespaces
Note: WE ARE MEETING AT TWO SIGMA!! We'll need names, and you will need IDs. RSVP will open Wednesday September 5th, 2018, 4:30pm.
The Linux kernel's user namespaces feature http://man7.org/linux/man-pages/man7/user_namespaces.7.html is one of the cornerstones in building many interesting technologies that allow isolation and sandboxing of applications, for example running containers without root privileges and sandboxes for web browser plug-ins. In this presentation, we'll look in detail at user namespaces, building up a basic understanding of what a user namespace is and going on to questions such as: what does being "superuser inside a user namespace" allow you do (and what does it not allow); what is the relationship between user namespaces and other namespace types (PID, UTS, network, etc.); and what are the security implications of user namespaces? We'll also explore some simple shell commands that can be used for creating and experimenting with user namespaces in order to better understand how they work. We'll conclude with a brief survey of some use cases for user namespaces.
Join us afterwards at the Cupping Room Cafe where we'll continue the discussion over drinks and/or food. The Cupping Room Cafe is located at 359 W Broadway, two blocks from the venue.
Michael Kerrisk is a programmer, writer, and trainer who has a passion for investigating and explaining software systems. He is the author of The Linux Programming Interface http://man7.org/tlpi/ , a widely acclaimed book on Linux (and UNIX) system programming. He has been actively involved in the Linux development community since 2000, operating mainly in the area of testing, design review, and documentation of kernel-user-space interfaces. Since 2004, he has maintained the Linux man-pages project https://www.kernel.org/doc/man-pages/ , which provides the primary documentation for Linux system calls and C library functions. Michael is a New Zealander, living in Munich, Germany, from where he operates a training business ( http://man7.org/training/ ) providing low-level Linux programming courses primarily in Europe, and occasionally in North America and further afield.