Disclaimer: The elaboration associated to this subject results from a Master’s thesis created at SCHUTZWERK in collaboration with Aalen University by Philipp Schmied.
This post of the Linux Container series provides information regarding required fundamentals: Linux capabilities. The following list shows the topics of all scheduled blog posts. It will be updated with the corresponding links once new posts are being released.
An Introduction to Linux Containers Linux Capabilities An Introduction to Namespaces The Mount Namespace and a Description of a Related Information Leak in Docker The PID and Network Namespaces The User Namespace Namespaces Kernel View and Usage in Containerization An Introduction to Control Groups The Network and Block I/O Controllers The Memory, CPU, Freezer and Device Controllers Control Groups Kernel View and Usage in Containerization The traditional way of handling permissions in Linux involves exactly two process types: Privileged and unprivileged processes.
This is the introduction post for the Linux containers blog post series. The following list shows the topics of all scheduled blog posts. It will be updated with the corresponding links once new posts are being released.
An Introduction to Linux Containers Linux Capabilities An Introduction to Namespaces The Mount Namespace and a Description of a Related Information Leak in Docker The PID and Network Namespaces The User Namespace Namespaces Kernel View and Usage in Containerization An Introduction to Control Groups The Network and Block I/O Controllers The Memory, CPU, Freezer and Device Controllers Control Groups Kernel View and Usage in Containerization With the steadily growing spread of containerization now and in the future, it becomes increasingly necessary to properly understand the internals and potential security threats resulting from aspects like kernel vulnerabilities, container misconfigurations and wrong use.
