One of the most obvious features of containers to new users is that they allow for isolated root filesystem environments. The way container engines achieve this is through careful manipulation of mount namespaces and mount sharing (propagation) flags. If one of these steps is handled incorrectly, attackers may be able to control the host. Further, even if mounts are configured correctly, things like binding or moving mounts, or simply creating a whole new copy of a virtual filesystem, can make host filesystem security more difficult to reason about. And on top of that, malicious users could also exploit unknown bugs in filesystem block parsers.
While most container engines heavily lock down mount() by default, it is useful to understand *why* this is the case and what possible exploits look like. In this talk, I’ll cover the basics of how a container’s rootfs is configured, how mount flags interact with namespaces, and what container engines do about all this.
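The abstract turns on mount propagation flags: a mount that is still "shared" inside a container's mount namespace lets mount events propagate back to the host, which is why engines make the tree private or slave before pivoting into the rootfs. The following is an added example, not material from the talk or from LinuxKit, showing how a defender can audit that state by parsing /proc/self/mountinfo and listing every mount whose propagation type is shared. The mountinfo text embedded below is constructed for the example, and all paths and peer-group numbers in it are placeholders.

```python
"""Audit mount propagation from /proc/self/mountinfo (added example).

Each mountinfo line may carry optional fields describing propagation:
``shared:N`` (member of peer group N), ``master:N`` (slave of peer group N),
``propagate_from:N`` and ``unbindable``. A mount with none of these is
private. Container engines normally make the whole tree private or slave in
the new mount namespace before pivot_root, so mount()/umount() inside the
container cannot propagate to the host; a "shared" entry is what you look for.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# mountinfo escapes space, tab, newline and backslash as \ooo (octal).
_OCTAL_ESCAPE = re.compile(r"\\([0-7]{3})")


def unescape(path: str) -> str:
    """Undo the \\ooo escaping the kernel applies to path fields."""
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), path)


@dataclass
class MountEntry:
    mount_id: int
    parent_id: int
    root: str          # path inside the source filesystem
    mount_point: str   # path inside this mount namespace
    options: List[str]
    propagation: Dict[str, Optional[str]]  # tag -> peer-group id (None for unbindable)
    fstype: str
    source: str


def parse_mountinfo(text: str) -> List[MountEntry]:
    """Parse mountinfo lines; the literal ' - ' separator ends the optional fields."""
    entries: List[MountEntry] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        head, sep, tail = line.partition(" - ")
        if not sep:
            raise ValueError(f"line {lineno}: missing ' - ' separator")
        fields = head.split()
        if len(fields) < 6:
            raise ValueError(f"line {lineno}: expected at least 6 fields before ' - '")
        propagation: Dict[str, Optional[str]] = {}
        for tag in fields[6:]:            # zero or more optional fields
            key, _, value = tag.partition(":")
            propagation[key] = value or None
        tail_fields = tail.split()
        if len(tail_fields) < 2:
            raise ValueError(f"line {lineno}: expected fstype and source after ' - '")
        entries.append(MountEntry(
            mount_id=int(fields[0]),
            parent_id=int(fields[1]),
            root=unescape(fields[3]),
            mount_point=unescape(fields[4]),
            options=fields[5].split(","),
            propagation=propagation,
            fstype=tail_fields[0],
            source=unescape(tail_fields[1]),
        ))
    return entries


def propagation_type(entry: MountEntry) -> str:
    """Classify one mount. A mount can be shared and a slave at once; report
    'shared' first because that is the case where events leave the namespace."""
    if "shared" in entry.propagation:
        return "shared"
    if "master" in entry.propagation:
        return "slave"
    if "unbindable" in entry.propagation:
        return "unbindable"
    return "private"


def find_shared_mounts(entries: List[MountEntry]) -> List[str]:
    """Mount points whose mount/umount events would propagate out of this namespace."""
    return [e.mount_point for e in entries if propagation_type(e) == "shared"]


def check_live(path: str = "/proc/self/mountinfo") -> Optional[List[str]]:
    """Run the audit on the calling process's own mount namespace (Linux only)."""
    try:
        with open(path) as f:
            return find_shared_mounts(parse_mountinfo(f.read()))
    except FileNotFoundError:
        return None


# Constructed sample: a container-style namespace with a private overlay root,
# one slave bind mount, one mistakenly shared bind mount and one unbindable mount.
SAMPLE_MOUNTINFO = r"""
500 400 0:50 / / rw,relatime - overlay overlay rw,lowerdir=/tmp/lower,upperdir=/tmp/upper,workdir=/tmp/work
501 500 0:51 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
502 500 0:52 / /dev rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755
503 500 8:1 /srv/data /data rw,relatime master:12 - ext4 /dev/sda1 rw
504 500 8:1 /srv/shared /host/shared rw,relatime shared:13 - ext4 /dev/sda1 rw
505 500 0:53 / /mnt/with\040space rw,relatime unbindable - tmpfs tmpfs rw
"""

if __name__ == "__main__":
    sample = parse_mountinfo(SAMPLE_MOUNTINFO)
    for e in sample:
        print(f"{e.mount_point:<18} {propagation_type(e):<10} {e.propagation}")
    print("shared mounts in sample:", find_shared_mounts(sample))
    print("shared mounts in this namespace:", check_live())
```

Run inside a container (or after `unshare -m`) and an empty list from `check_live()` means no mount in that namespace belongs to a peer group shared with the host; any path it does report is a place where a mount performed inside the namespace would be visible outside it.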
Tycho is an engineer at Docker working on LinuxKit, a toolkit for building container-focused host operating systems out of Linux. In his spare time he rides bikes and does improv comedy. Tycho has been fortunate to speak at a number of industry conferences including linux.conf.au...
Tuesday October 24, 2017 16:05 - 16:45 CEST
Karlin I