SlideShare a Scribd company logo

Containers from scratch

Rakuten Group, Inc.
Rakuten Group, Inc.

What is a container? Is it really a “lightweight VM” or is it more like a Linux process? In this talk you'll see exactly what a container is, as Liz builds one from scratch in a few lines of Go code. You'll learn how namespaces, control groups and chroot are used to construct containers, and how they are isolated from each other and from the host machine they run on.

Technology
1 of 6
Download to read offline
Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved. @LizRice | @AquaSecTeam Containers from scratch Liz Rice Aqua Security
2@lizrice Build my own container in Go ■ Namespaces ■ Chroot ■ Cgroups
3@lizrice Namespaces ■ What you can see ■ Created with syscalls ○ Unix Timesharing System ○ Process IDs ○ Mounts ○ Network ○ User IDs ○ InterProcess Comms
4@lizrice Chroot ■ Set root directory to a subdirectory within host’s root Host sees: /some/directory/on/host/file1 /some/directory/on/host/dir1/file2 Container with chroot to /some/directory/on/host sees: /file1 /dir1/file2
5@lizrice CGroups ■ What you can use ■ Filesystem interface ○ Memory ○ CPU ○ I/O ○ Process numbers ○ ...
Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved. @LizRice | @AquaSecTeam github.com/lizrice/containers-from- scratch @LizRice | @AquaSecTeam

Recommended

Containers from scratch
Containers from scratchContainers from scratch
Containers from scratch
J On The Beach
 
Restinio - header-only http and websocket server
Restinio - header-only http and websocket serverRestinio - header-only http and websocket server
Restinio - header-only http and websocket server
corehard_by
 
Basic commands of linux By Adam
Basic commands of linux By Adam Basic commands of linux By Adam
Basic commands of linux By Adam
Mohammed Adam
 
OS入門 Fukuoka.php vol.18 LT資料
OS入門 Fukuoka.php vol.18 LT資料OS入門 Fukuoka.php vol.18 LT資料
OS入門 Fukuoka.php vol.18 LT資料
ichikaway
 
File server-info
File server-infoFile server-info
File server-info
Rubén Orellana Flores
 
Redis clustering
Redis clusteringRedis clustering
Redis clustering
Ravi Yasas
 
About linux japanese
About linux japaneseAbout linux japanese
About linux japanese
Shota Ito
 
Docker on Windows
Docker on WindowsDocker on Windows
Docker on Windows
Carl Su
 

Recommended

Containers from scratch
Containers from scratchContainers from scratch
Containers from scratch
J On The Beach
 
Restinio - header-only http and websocket server
Restinio - header-only http and websocket serverRestinio - header-only http and websocket server
Restinio - header-only http and websocket server
corehard_by
 
Basic commands of linux By Adam
Basic commands of linux By Adam Basic commands of linux By Adam
Basic commands of linux By Adam
Mohammed Adam
 
OS入門 Fukuoka.php vol.18 LT資料
OS入門 Fukuoka.php vol.18 LT資料OS入門 Fukuoka.php vol.18 LT資料
OS入門 Fukuoka.php vol.18 LT資料
ichikaway
 
File server-info
File server-infoFile server-info
File server-info
Rubén Orellana Flores
 
Redis clustering
Redis clusteringRedis clustering
Redis clustering
Ravi Yasas
 
About linux japanese
About linux japaneseAbout linux japanese
About linux japanese
Shota Ito
 
Docker on Windows
Docker on WindowsDocker on Windows
Docker on Windows
Carl Su
 
Redis -- Memory as the New Disk
Redis -- Memory as the New DiskRedis -- Memory as the New Disk
Redis -- Memory as the New Disk
Tim Lossen
 
Unix Ramblings
Unix RamblingsUnix Ramblings
Unix Ramblings
Bill Miller
 
Redis fundamental
Redis fundamentalRedis fundamental
Redis fundamental
Yuhao Zhang
 
Red Hat Gluster Storage
Red Hat Gluster StorageRed Hat Gluster Storage
Red Hat Gluster Storage
Katsutoshi Kojima
 
BlankOn Server - Lesson Learned
BlankOn Server - Lesson LearnedBlankOn Server - Lesson Learned
BlankOn Server - Lesson Learned
Andika Triwidada
 
Security coding c and c++ ch8 (1)
Security coding c and c++ ch8 (1)Security coding c and c++ ch8 (1)
Security coding c and c++ ch8 (1)Chia-Hao Tsai
 
PHP Benelux 2017 - Caching The Right Way
PHP Benelux 2017 - Caching The Right WayPHP Benelux 2017 - Caching The Right Way
PHP Benelux 2017 - Caching The Right Way
André Rømcke
 
Autentia OS - 20180210 - Docker y las películas de chinos
Autentia OS - 20180210 - Docker y las películas de chinosAutentia OS - 20180210 - Docker y las películas de chinos
Autentia OS - 20180210 - Docker y las películas de chinos
Alejandro Pérez García
 
Diy containers
Diy containersDiy containers
Diy containers
Georgi Sabev
 
Installation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvdInstallation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvd
gourav kottawar
 
A brief history of Linux Containers
A brief history of Linux Containers A brief history of Linux Containers
A brief history of Linux Containers
Kirill Kolyshkin
 
Brief history of Linux containers
Brief history of Linux containersBrief history of Linux containers
Brief history of Linux containers
OpenVZ
 
Tarantool 1.6 talk at SECR 2014 conference
Tarantool 1.6 talk at SECR 2014 conferenceTarantool 1.6 talk at SECR 2014 conference
Tarantool 1.6 talk at SECR 2014 conference
Kostja Osipov
 
Vim
VimVim
Vim
dstarr009
 
ulimit
ulimit ulimit
ulimit
hiyelata
 
CoreOS
CoreOSCoreOS
CoreOS
Frik khechoomian
 
Denser containers with PF cache - Pavel Emelyanov
Denser containers with PF cache - Pavel EmelyanovDenser containers with PF cache - Pavel Emelyanov
Denser containers with PF cache - Pavel Emelyanov
OpenVZ
 
PFcache - LinuxCon 2015
PFcache - LinuxCon 2015PFcache - LinuxCon 2015
PFcache - LinuxCon 2015
OpenVZ
 
Passwords Found on a Wireless Network
Passwords Found on a Wireless NetworkPasswords Found on a Wireless Network
Passwords Found on a Wireless Network
Dug Song
 
Intoroduction of py7zr
Intoroduction of py7zrIntoroduction of py7zr
Intoroduction of py7zr
Hiroshi Miura
 
Introduction to containers
Introduction to containersIntroduction to containers
Introduction to containers
Nitish Jadia
 
Making Security Invisible
Making Security InvisibleMaking Security Invisible
Making Security Invisible
J On The Beach
 

More Related Content

What's hot

Redis -- Memory as the New Disk
Redis -- Memory as the New DiskRedis -- Memory as the New Disk
Redis -- Memory as the New Disk
Tim Lossen
 
Unix Ramblings
Unix RamblingsUnix Ramblings
Unix Ramblings
Bill Miller
 
Redis fundamental
Redis fundamentalRedis fundamental
Redis fundamental
Yuhao Zhang
 
Red Hat Gluster Storage
Red Hat Gluster StorageRed Hat Gluster Storage
Red Hat Gluster Storage
Katsutoshi Kojima
 
BlankOn Server - Lesson Learned
BlankOn Server - Lesson LearnedBlankOn Server - Lesson Learned
BlankOn Server - Lesson Learned
Andika Triwidada
 
Security coding c and c++ ch8 (1)
Security coding c and c++ ch8 (1)Security coding c and c++ ch8 (1)
Security coding c and c++ ch8 (1)Chia-Hao Tsai
 
PHP Benelux 2017 - Caching The Right Way
PHP Benelux 2017 - Caching The Right WayPHP Benelux 2017 - Caching The Right Way
PHP Benelux 2017 - Caching The Right Way
André Rømcke
 
Autentia OS - 20180210 - Docker y las películas de chinos
Autentia OS - 20180210 - Docker y las películas de chinosAutentia OS - 20180210 - Docker y las películas de chinos
Autentia OS - 20180210 - Docker y las películas de chinos
Alejandro Pérez García
 
Diy containers
Diy containersDiy containers
Diy containers
Georgi Sabev
 
Installation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvdInstallation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvd
gourav kottawar
 
A brief history of Linux Containers
A brief history of Linux Containers A brief history of Linux Containers
A brief history of Linux Containers
Kirill Kolyshkin
 
Brief history of Linux containers
Brief history of Linux containersBrief history of Linux containers
Brief history of Linux containers
OpenVZ
 
Tarantool 1.6 talk at SECR 2014 conference
Tarantool 1.6 talk at SECR 2014 conferenceTarantool 1.6 talk at SECR 2014 conference
Tarantool 1.6 talk at SECR 2014 conference
Kostja Osipov
 
Vim
VimVim
Vim
dstarr009
 
ulimit
ulimit ulimit
ulimit
hiyelata
 
CoreOS
CoreOSCoreOS
CoreOS
Frik khechoomian
 
Denser containers with PF cache - Pavel Emelyanov
Denser containers with PF cache - Pavel EmelyanovDenser containers with PF cache - Pavel Emelyanov
Denser containers with PF cache - Pavel Emelyanov
OpenVZ
 
PFcache - LinuxCon 2015
PFcache - LinuxCon 2015PFcache - LinuxCon 2015
PFcache - LinuxCon 2015
OpenVZ
 
Passwords Found on a Wireless Network
Passwords Found on a Wireless NetworkPasswords Found on a Wireless Network
Passwords Found on a Wireless Network
Dug Song
 
Intoroduction of py7zr
Intoroduction of py7zrIntoroduction of py7zr
Intoroduction of py7zr
Hiroshi Miura
 

What's hot (20)

Redis -- Memory as the New Disk
Redis -- Memory as the New DiskRedis -- Memory as the New Disk
Redis -- Memory as the New Disk
 
Unix Ramblings
Unix RamblingsUnix Ramblings
Unix Ramblings
 
Redis fundamental
Redis fundamentalRedis fundamental
Redis fundamental
 
Red Hat Gluster Storage
Red Hat Gluster StorageRed Hat Gluster Storage
Red Hat Gluster Storage
 
BlankOn Server - Lesson Learned
BlankOn Server - Lesson LearnedBlankOn Server - Lesson Learned
BlankOn Server - Lesson Learned
 
Security coding c and c++ ch8 (1)
Security coding c and c++ ch8 (1)Security coding c and c++ ch8 (1)
Security coding c and c++ ch8 (1)
 
PHP Benelux 2017 - Caching The Right Way
PHP Benelux 2017 - Caching The Right WayPHP Benelux 2017 - Caching The Right Way
PHP Benelux 2017 - Caching The Right Way
 
Autentia OS - 20180210 - Docker y las películas de chinos
Autentia OS - 20180210 - Docker y las películas de chinosAutentia OS - 20180210 - Docker y las películas de chinos
Autentia OS - 20180210 - Docker y las películas de chinos
 
Diy containers
Diy containersDiy containers
Diy containers
 
Installation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvdInstallation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvd
 
A brief history of Linux Containers
A brief history of Linux Containers A brief history of Linux Containers
A brief history of Linux Containers
 
Brief history of Linux containers
Brief history of Linux containersBrief history of Linux containers
Brief history of Linux containers
 
Tarantool 1.6 talk at SECR 2014 conference
Tarantool 1.6 talk at SECR 2014 conferenceTarantool 1.6 talk at SECR 2014 conference
Tarantool 1.6 talk at SECR 2014 conference
 
Vim
VimVim
Vim
 
ulimit
ulimit ulimit
ulimit
 
CoreOS
CoreOSCoreOS
CoreOS
 
Denser containers with PF cache - Pavel Emelyanov
Denser containers with PF cache - Pavel EmelyanovDenser containers with PF cache - Pavel Emelyanov
Denser containers with PF cache - Pavel Emelyanov
 
PFcache - LinuxCon 2015
PFcache - LinuxCon 2015PFcache - LinuxCon 2015
PFcache - LinuxCon 2015
 
Passwords Found on a Wireless Network
Passwords Found on a Wireless NetworkPasswords Found on a Wireless Network
Passwords Found on a Wireless Network
 
Intoroduction of py7zr
Intoroduction of py7zrIntoroduction of py7zr
Intoroduction of py7zr
 

Similar to Containers from scratch

Introduction to containers
Introduction to containersIntroduction to containers
Introduction to containers
Nitish Jadia
 
Making Security Invisible
Making Security InvisibleMaking Security Invisible
Making Security Invisible
J On The Beach
 
Linux Container Primitives and Runtimes (CON407-R1) - AWS re:Invent 2018
Linux Container Primitives and Runtimes (CON407-R1) - AWS re:Invent 2018Linux Container Primitives and Runtimes (CON407-R1) - AWS re:Invent 2018
Linux Container Primitives and Runtimes (CON407-R1) - AWS re:Invent 2018
Amazon Web Services
 
Containerization & Docker - Under the Hood
Containerization & Docker - Under the HoodContainerization & Docker - Under the Hood
Containerization & Docker - Under the Hood
Imesha Sudasingha
 
HKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRMHKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRM
Linaro
 
Take care of hundred containers and not go crazy
Take care of hundred containers and not go crazyTake care of hundred containers and not go crazy
Take care of hundred containers and not go crazy
Honza Horák
 
Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?
Michael Boelen
 
Security in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleSecurity in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie Frazelle
Paris Container Day
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
Michael Boelen
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimes
Akihiro Suda
 
Leveraging Android's Linux Heritage at AnDevCon V
Leveraging Android's Linux Heritage at AnDevCon VLeveraging Android's Linux Heritage at AnDevCon V
Leveraging Android's Linux Heritage at AnDevCon VOpersys inc.
 
Mem forensic
Mem forensicMem forensic
Mem forensic
Chong-Kuan Chen
 
Leveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VILeveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VIOpersys inc.
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with Sysdig
Sreenivas Makam
 
Caching in Docker - the hardest thing in computer science
Caching in Docker - the hardest thing in computer scienceCaching in Docker - the hardest thing in computer science
Caching in Docker - the hardest thing in computer science
Jarek Potiuk
 
Fighting Malware Without Antivirus
Fighting Malware Without AntivirusFighting Malware Without Antivirus
Fighting Malware Without Antivirus
EnergySec
 
Sa1 chapter-5-managing-local-linux-users-and-groups-v2 (4)
Sa1 chapter-5-managing-local-linux-users-and-groups-v2 (4)Sa1 chapter-5-managing-local-linux-users-and-groups-v2 (4)
Sa1 chapter-5-managing-local-linux-users-and-groups-v2 (4)
Chinthaka Deshapriya (RHCA)
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
All Things Open
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016
Phil Estes
 
Disk forensics for the lazy and the smart
Disk forensics for the lazy and the smartDisk forensics for the lazy and the smart
Disk forensics for the lazy and the smart
Jeff Beley
 

Similar to Containers from scratch (20)

Introduction to containers
Introduction to containersIntroduction to containers
Introduction to containers
 
Making Security Invisible
Making Security InvisibleMaking Security Invisible
Making Security Invisible
 
Linux Container Primitives and Runtimes (CON407-R1) - AWS re:Invent 2018
Linux Container Primitives and Runtimes (CON407-R1) - AWS re:Invent 2018Linux Container Primitives and Runtimes (CON407-R1) - AWS re:Invent 2018
Linux Container Primitives and Runtimes (CON407-R1) - AWS re:Invent 2018
 
Containerization & Docker - Under the Hood
Containerization & Docker - Under the HoodContainerization & Docker - Under the Hood
Containerization & Docker - Under the Hood
 
HKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRMHKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRM
 
Take care of hundred containers and not go crazy
Take care of hundred containers and not go crazyTake care of hundred containers and not go crazy
Take care of hundred containers and not go crazy
 
Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?
 
Security in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleSecurity in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie Frazelle
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimes
 
Leveraging Android's Linux Heritage at AnDevCon V
Leveraging Android's Linux Heritage at AnDevCon VLeveraging Android's Linux Heritage at AnDevCon V
Leveraging Android's Linux Heritage at AnDevCon V
 
Mem forensic
Mem forensicMem forensic
Mem forensic
 
Leveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VILeveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VI
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with Sysdig
 
Caching in Docker - the hardest thing in computer science
Caching in Docker - the hardest thing in computer scienceCaching in Docker - the hardest thing in computer science
Caching in Docker - the hardest thing in computer science
 
Fighting Malware Without Antivirus
Fighting Malware Without AntivirusFighting Malware Without Antivirus
Fighting Malware Without Antivirus
 
Sa1 chapter-5-managing-local-linux-users-and-groups-v2 (4)
Sa1 chapter-5-managing-local-linux-users-and-groups-v2 (4)Sa1 chapter-5-managing-local-linux-users-and-groups-v2 (4)
Sa1 chapter-5-managing-local-linux-users-and-groups-v2 (4)
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016
 
Disk forensics for the lazy and the smart
Disk forensics for the lazy and the smartDisk forensics for the lazy and the smart
Disk forensics for the lazy and the smart
 

More from Rakuten Group, Inc.

コードレビュー改善のためにJenkinsとIntelliJ IDEAのプラグインを自作してみた話
コードレビュー改善のためにJenkinsとIntelliJ IDEAのプラグインを自作してみた話コードレビュー改善のためにJenkinsとIntelliJ IDEAのプラグインを自作してみた話
コードレビュー改善のためにJenkinsとIntelliJ IDEAのプラグインを自作してみた話
Rakuten Group, Inc.
 
楽天における安全な秘匿情報管理への道のり
楽天における安全な秘匿情報管理への道のり楽天における安全な秘匿情報管理への道のり
楽天における安全な秘匿情報管理への道のり
Rakuten Group, Inc.
 
What Makes Software Green?
What Makes Software Green?What Makes Software Green?
What Makes Software Green?
Rakuten Group, Inc.
 
Simple and Effective Knowledge-Driven Query Expansion for QA-Based Product At...
Simple and Effective Knowledge-Driven Query Expansion for QA-Based Product At...Simple and Effective Knowledge-Driven Query Expansion for QA-Based Product At...
Simple and Effective Knowledge-Driven Query Expansion for QA-Based Product At...
Rakuten Group, Inc.
 
DataSkillCultureを浸透させる楽天の取り組み
DataSkillCultureを浸透させる楽天の取り組みDataSkillCultureを浸透させる楽天の取り組み
DataSkillCultureを浸透させる楽天の取り組み
Rakuten Group, Inc.
 
大規模なリアルタイム監視の導入と展開
大規模なリアルタイム監視の導入と展開大規模なリアルタイム監視の導入と展開
大規模なリアルタイム監視の導入と展開
Rakuten Group, Inc.
 
楽天における大規模データベースの運用
楽天における大規模データベースの運用楽天における大規模データベースの運用
楽天における大規模データベースの運用
Rakuten Group, Inc.
 
楽天サービスを支えるネットワークインフラストラクチャー
楽天サービスを支えるネットワークインフラストラクチャー楽天サービスを支えるネットワークインフラストラクチャー
楽天サービスを支えるネットワークインフラストラクチャー
Rakuten Group, Inc.
 
楽天の規模とクラウドプラットフォーム統括部の役割
楽天の規模とクラウドプラットフォーム統括部の役割楽天の規模とクラウドプラットフォーム統括部の役割
楽天の規模とクラウドプラットフォーム統括部の役割
Rakuten Group, Inc.
 
Rakuten Services and Infrastructure Team.pdf
Rakuten Services and Infrastructure Team.pdfRakuten Services and Infrastructure Team.pdf
Rakuten Services and Infrastructure Team.pdf
Rakuten Group, Inc.
 
The Data Platform Administration Handling the 100 PB.pdf
The Data Platform Administration Handling the 100 PB.pdfThe Data Platform Administration Handling the 100 PB.pdf
The Data Platform Administration Handling the 100 PB.pdf
Rakuten Group, Inc.
 
Supporting Internal Customers as Technical Account Managers.pdf
Supporting Internal Customers as Technical Account Managers.pdfSupporting Internal Customers as Technical Account Managers.pdf
Supporting Internal Customers as Technical Account Managers.pdf
Rakuten Group, Inc.
 
Making Cloud Native CI_CD Services.pdf
Making Cloud Native CI_CD Services.pdfMaking Cloud Native CI_CD Services.pdf
Making Cloud Native CI_CD Services.pdf
Rakuten Group, Inc.
 
How We Defined Our Own Cloud.pdf
How We Defined Our Own Cloud.pdfHow We Defined Our Own Cloud.pdf
How We Defined Our Own Cloud.pdf
Rakuten Group, Inc.
 
Travel & Leisure Platform Department's tech info
Travel & Leisure Platform Department's tech infoTravel & Leisure Platform Department's tech info
Travel & Leisure Platform Department's tech info
Rakuten Group, Inc.
 
Travel & Leisure Platform Department's tech info
Travel & Leisure Platform Department's tech infoTravel & Leisure Platform Department's tech info
Travel & Leisure Platform Department's tech info
Rakuten Group, Inc.
 
OWASPTop10_Introduction
OWASPTop10_IntroductionOWASPTop10_Introduction
OWASPTop10_Introduction
Rakuten Group, Inc.
 
Introduction of GORA API Group technology
Introduction of GORA API Group technologyIntroduction of GORA API Group technology
Introduction of GORA API Group technology
Rakuten Group, Inc.
 
100PBを越えるデータプラットフォームの実情
100PBを越えるデータプラットフォームの実情100PBを越えるデータプラットフォームの実情
100PBを越えるデータプラットフォームの実情
Rakuten Group, Inc.
 
社内エンジニアを支えるテクニカルアカウントマネージャー
社内エンジニアを支えるテクニカルアカウントマネージャー社内エンジニアを支えるテクニカルアカウントマネージャー
社内エンジニアを支えるテクニカルアカウントマネージャー
Rakuten Group, Inc.
 

More from Rakuten Group, Inc. (20)

コードレビュー改善のためにJenkinsとIntelliJ IDEAのプラグインを自作してみた話
コードレビュー改善のためにJenkinsとIntelliJ IDEAのプラグインを自作してみた話コードレビュー改善のためにJenkinsとIntelliJ IDEAのプラグインを自作してみた話
コードレビュー改善のためにJenkinsとIntelliJ IDEAのプラグインを自作してみた話
 
楽天における安全な秘匿情報管理への道のり
楽天における安全な秘匿情報管理への道のり楽天における安全な秘匿情報管理への道のり
楽天における安全な秘匿情報管理への道のり
 
What Makes Software Green?
What Makes Software Green?What Makes Software Green?
What Makes Software Green?
 
Simple and Effective Knowledge-Driven Query Expansion for QA-Based Product At...
Simple and Effective Knowledge-Driven Query Expansion for QA-Based Product At...Simple and Effective Knowledge-Driven Query Expansion for QA-Based Product At...
Simple and Effective Knowledge-Driven Query Expansion for QA-Based Product At...
 
DataSkillCultureを浸透させる楽天の取り組み
DataSkillCultureを浸透させる楽天の取り組みDataSkillCultureを浸透させる楽天の取り組み
DataSkillCultureを浸透させる楽天の取り組み
 
大規模なリアルタイム監視の導入と展開
大規模なリアルタイム監視の導入と展開大規模なリアルタイム監視の導入と展開
大規模なリアルタイム監視の導入と展開
 
楽天における大規模データベースの運用
楽天における大規模データベースの運用楽天における大規模データベースの運用
楽天における大規模データベースの運用
 
楽天サービスを支えるネットワークインフラストラクチャー
楽天サービスを支えるネットワークインフラストラクチャー楽天サービスを支えるネットワークインフラストラクチャー
楽天サービスを支えるネットワークインフラストラクチャー
 
楽天の規模とクラウドプラットフォーム統括部の役割
楽天の規模とクラウドプラットフォーム統括部の役割楽天の規模とクラウドプラットフォーム統括部の役割
楽天の規模とクラウドプラットフォーム統括部の役割
 
Rakuten Services and Infrastructure Team.pdf
Rakuten Services and Infrastructure Team.pdfRakuten Services and Infrastructure Team.pdf
Rakuten Services and Infrastructure Team.pdf
 
The Data Platform Administration Handling the 100 PB.pdf
The Data Platform Administration Handling the 100 PB.pdfThe Data Platform Administration Handling the 100 PB.pdf
The Data Platform Administration Handling the 100 PB.pdf
 
Supporting Internal Customers as Technical Account Managers.pdf
Supporting Internal Customers as Technical Account Managers.pdfSupporting Internal Customers as Technical Account Managers.pdf
Supporting Internal Customers as Technical Account Managers.pdf
 
Making Cloud Native CI_CD Services.pdf
Making Cloud Native CI_CD Services.pdfMaking Cloud Native CI_CD Services.pdf
Making Cloud Native CI_CD Services.pdf
 
How We Defined Our Own Cloud.pdf
How We Defined Our Own Cloud.pdfHow We Defined Our Own Cloud.pdf
How We Defined Our Own Cloud.pdf
 
Travel & Leisure Platform Department's tech info
Travel & Leisure Platform Department's tech infoTravel & Leisure Platform Department's tech info
Travel & Leisure Platform Department's tech info
 
Travel & Leisure Platform Department's tech info
Travel & Leisure Platform Department's tech infoTravel & Leisure Platform Department's tech info
Travel & Leisure Platform Department's tech info
 
OWASPTop10_Introduction
OWASPTop10_IntroductionOWASPTop10_Introduction
OWASPTop10_Introduction
 
Introduction of GORA API Group technology
Introduction of GORA API Group technologyIntroduction of GORA API Group technology
Introduction of GORA API Group technology
 
100PBを越えるデータプラットフォームの実情
100PBを越えるデータプラットフォームの実情100PBを越えるデータプラットフォームの実情
100PBを越えるデータプラットフォームの実情
 
社内エンジニアを支えるテクニカルアカウントマネージャー
社内エンジニアを支えるテクニカルアカウントマネージャー社内エンジニアを支えるテクニカルアカウントマネージャー
社内エンジニアを支えるテクニカルアカウントマネージャー
 

Recently uploaded

Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 

Recently uploaded (20)

Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 

Containers from scratch

  • 1. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved. @LizRice | @AquaSecTeam Containers from scratch Liz Rice Aqua Security
  • 2. 2@lizrice Build my own container in Go ■ Namespaces ■ Chroot ■ Cgroups
  • 3. 3@lizrice Namespaces ■ What you can see ■ Created with syscalls ○ Unix Timesharing System ○ Process IDs ○ Mounts ○ Network ○ User IDs ○ InterProcess Comms
  • 4. 4@lizrice Chroot ■ Set root directory to a subdirectory within host’s root Host sees: /some/directory/on/host/file1 /some/directory/on/host/dir1/file2 Container with chroot to /some/directory/on/host sees: /file1 /dir1/file2
  • 5. 5@lizrice CGroups ■ What you can use ■ Filesystem interface ○ Memory ○ CPU ○ I/O ○ Process numbers ○ ...
  • 6. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved. @LizRice | @AquaSecTeam github.com/lizrice/containers-from- scratch @LizRice | @AquaSecTeam