The document discusses the role of namespaces and cgroups in container technology, focusing on their properties and functionality. It highlights how namespaces manage different aspects of a process, while cgroups allow processes to inherit and be reassigned resources. The author invites readers to visit their booth for further engagement.

1. What have namespaces
done for you lately?
Liz Rice
Technology Evangelist
Aqua Security
@lizrice

2. Namespaces
CGroups
Fork bomb
Build my own container in Go

3. What you can see
Namespaces

4. Properties of the process as it’s created
• Unix Timesharing System
• Process IDs
• Mounts
• Network
• User IDs
• InterProcess Comms
Namespaces
Syscall interface

5. What you can use
Cgroups

6. Processes inherit from parent
Can be reassigned to different cgroups
• Memory
• CPU / CPU cores
• Devices
• I/O
• Processes
• …
Cgroups
Filesystem interface

7. :(){ :|: & }; :

8. Thank you
Come say hi at booth #S23
@lizrice | @AquaSecTeam
#dockercon