October 23-26, 2017 - Prague, Czech Republic

Monday, October 23

14:20 CEST

Hatching Security: LinuxKit as Security Incubator - Tycho Andersen and Riyaz Faizullabhoy, Docker Inc.
The host operating system and kernel are natural targets on machines which host containers, hostile or otherwise. In this talk we’ll discuss a new open source project called LinuxKit — which is part of the open source Moby Project, and led by Docker. LinuxKit is a tool for building Linux subsystems specifically designed to securely host containers. We’re making design decisions specific to our use case: read only host rootfs, small non-modularized config with most things disabled, etc.

We are actively working on upstreaming kernel features (e.g. teaching IMA about namespaces, so it can be sensibly used by containers), and incubating other projects such as Landlock, type-safe system daemons, and HPE’s okernel separation project. Additionally, we are interested in collaborating on kernel hardening patches, and are interested in finding other collaboration opportunities at LSS.


Tycho Andersen

Software Engineer, Docker, Inc
Tycho is an engineer at Docker working on LinuxKit, a toolkit for building container-focused host operating systems out of Linux. In his spare time he rides bikes and does improv comedy. Tycho has been fortunate to speak at a number of industry conferences including linux.conf.au...

Riyaz Faizullabhoy

Security Engineer, Docker, Inc
Riyaz works on the security team at Docker and is a maintainer of LinuxKit and Notary. Prior to Docker, Riyaz researched malware and systems security at UC Berkeley. Riyaz has also spoken at DockerCon, LinuxCon NA, ContainerCon EU, and past Docker meetups.

Monday October 23, 2017 14:20 - 15:00 CEST
  LinuxCon Tracks

14:20 CEST

What's in a Kernel Oops? - Vlastimil Babka, SUSE
If you have been using Linux for some time, you must have seen at least one kernel oops or panic, because sadly no software is completely free of bugs. You probably submitted the report to a mailing list (after wondering which one to use to reach the right developers), and hopefully got the bug fixed. Did you wonder what the report can actually tell the developers? In this session, Vlastimil Babka will explain it literally line by line on a few real-world examples. The next time you see a kernel oops, you should have a much better idea what went wrong, who to blame, or even submit a fix yourself!


Vlastimil Babka

Linux Kernel Developer, SUSE
Vlastimil is a Linux kernel developer working at SUSE, focusing on memory management. Previously he was a Gentoo Linux developer.

Monday October 23, 2017 14:20 - 15:10 CEST
  LinuxCon Tracks

15:10 CEST

Trolling != Enforcement - Shane Coughlan, OpenChain Project
This talk will discuss the difference between copyright enforcement and "trolling" around Open Source licenses. It will explore what has happened in our space during the last five years, how organizations have reacted, and what is likely to occur next. The focus will be on lessons learned and how these lessons can be applied to real-world commercial situations.


Shane Coughlan

OpenChain General Manager, Linux Foundation
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional...

Monday October 23, 2017 15:10 - 15:50 CEST
  LinuxCon Tracks

16:20 CEST

Architecturing and Securing IoT Cloud Platforms - Drasko Draskovic & Dejan Mijic, Mainflux
IoT device management and multi-protocol messaging platform demands specific architectural decisions and high-concurrency approaches due to the massive number of devices we expect to be connected in the near future. All of this must be done with high security in mind, as well as respecting requirements for low-power, memory constrained devices with intermittent connectivity and limited bandwidth.

We will analyze the architecture, implementation and testing procedures needed for creating an industry-grade IoT platform and propose a patent-free open-source solution based on a set of scalable containerized microservices, with high concurrency and high security based on PKI with specific ciphers and encryption procedures that are suitable for constrained devices.

A similar tutorial session was accepted and presented at Open Networking Summit 2017 in Santa Clara and was very well received.

Drasko Draskovic


CEO, Mainflux
Drasko is an IoT expert with over 15 years of professional experience. He hacked embedded Linux SW and HW device drivers, designing complex wireless systems in telecom industry: he was working on OMAP platform in Texas Instruments, designed 4G multi-protocol femto-cells in Alcatel-Lucent...

Dejan Mijic

Software Architect, Mainflux
Software engineer interested in distributed systems. Co-architect and principal developer of Mainflux IoT platform. PhD candidate at the University of Novi Sad, Serbia.

Monday October 23, 2017 16:20 - 17:00 CEST
  CloudOpen Tracks

17:10 CEST

Containerd Internals: Building a Core Container Runtime - Stephen Day, Docker & Phil Estes, IBM
Containerd is the core container runtime used in Docker to execute containers and distribute images. It was designed from the ground up to support the OCI image and runtime specifications. The design of containerd is carefully crafted to fit the use cases of modern container orchestrators like Kubernetes and Swarm. In this talk, we dive into design decisions that help containerd meet a diverse set of requirements for a growing container world. Developing an understanding of the decoupled components will provide attendees a grasp of where they can leverage functionality in their platforms. By slicing the components of a container runtime into the right pieces, integrators can choose only what they need.


Stephen Day

Containerd Maintainer, Cruise Automation
Stephen Day is a software engineer at Docker. His many contributions to Docker ecosystem projects include SwarmKit and the version 2 specification for the Docker Registry HTTP API, and evolving the available models for container image distribution. He currently works on containerd...

Phil Estes

Principal Engineer, AWS
Phil is a Principal Engineer in the container compute organization at Amazon Web Services (AWS). Phil is a founding maintainer of the CNCF containerd runtime project, and participates in the Open Container Initiative (OCI) as a member of the Technical Oversight Board (TOB). Phil enjoys...

Monday October 23, 2017 17:10 - 17:50 CEST
  ContainerCon Tracks
Wednesday, October 25

12:05 CEST

Mixing cgroupfs v1 and cgroupfs v2: Finding Solutions for Container Runtimes - Christian Brauner, Canonical Ltd.
With the release of kernel 4.5 the new cgroupfs v2 API was declared non-experimental. But the missing feature parity between cgroupfs v2 and cgroupfs v1 makes it nearly impossible for container runtimes to use it. Especially before the cpu controller is merged, no runtime is expected to switch to it by default. Nonetheless cgroupfs v2 is slowly making its way into various distributions. This brings with it a new set of problems and challenges which container runtimes must tackle. For example, one of the core problems container runtimes will have to face is how to support running cgroupfs v1 hierarchies inside a container while the host is running a cgroupfs v2 hierarchy and vice versa. This talk will try to outline some of these problems more clearly, and suggest possible solutions and hopefully inspire a fruitful discussion that leads to further solutions or at least helps to identify and specify various problems more clearly.


Christian Brauner

Principal Software Engineer, Microsoft Corp.
Christian Brauner is a kernel developer and maintainer of the LXD and LXC projects currently working at Microsoft. He works mostly upstream on the Linux Kernel maintaining various bits and pieces. He is strongly committed to working in the open, and an avid proponent of Free Software...

Wednesday October 25, 2017 12:05 - 12:45 CEST
  ContainerCon Tracks

14:15 CEST

Continuous Integration of an Operating System in Kubernetes - Stef Walter, Red Hat
At Red Hat we use Kubernetes to do continuous integration of an entire operating system, booting tens of thousands of operating systems a day in Kubernetes.

I’ll share some surprising results we found while using Kubernetes in this way. We achieved six times the task density by deploying Kubernetes on the same hardware resources.

We’ll also look at what we had to change in Kubernetes to enable this, including bringing necessary devices into Kubernetes pods. You’ll also see a Cockpit-based dashboard that lets us jump into any container and diagnose issues or visualize scaling.


Stef Walter

Hacker, manager, and CI freak., Red Hat
Stef is an avid open source hacker. He's contributed to over a hundred open source projects, and can be found preaching about continuous integration and working on the Cockpit Linux admin interface. He's a usability freak. Stef lives in Germany, and works at Red Hat.

Wednesday October 25, 2017 14:15 - 14:55 CEST
Karlin I
  ContainerCon Tracks

16:15 CEST

Lab: Linux Container Internals - Scott McCarty & Marcos Entenza Garcia, Red Hat
Have you ever wondered how Linux containers work? How they really work, deep down inside? Questions like: How do sVirt/SELinux, SECCOMP, namespaces, and isolation really work? How does the Docker Daemon work? How does Kubernetes talk to the Docker Daemon? How are container images made? In this lab, we'll answer all these questions and more. If you want a deep technical understanding of containers, this is the lab for you. An engineering walk through the deep, dark internals of the container host, what’s packaged in the container image, and how container orchestration works. You'll get the knowledge and confidence it takes to apply your current Linux technical knowledge to containers.


Marcos Entenza Garcia

SRE - Open Innovation Labs, Red Hat
At Red Hat's Open Innovation Labs, Marcos Entenza (aka Mak) helps build our Push Button Infrastructure that we use to accelerate customer residencies. He is part of the Consulting Team, where he has played Consultant and Architect roles for Customer's engagements, helping Enterprise...

Scott McCarty

Technical Product Manager, Red Hat
At Red Hat, Scott McCarty is technical product manager for the container subsystem team, which enables key product capabilities in OpenShift Container Platform and Red Hat Enterprise Linux. Focus areas include container runtimes, tools, and images. Working closely with engineering...

Wednesday October 25, 2017 16:15 - 17:45 CEST
Congress Hall III