Making the LSM available to containers
stacking and namespacing the LSM
John Johansen
John Johansen works for Canonical doing kernel related work for the Ubuntu security team.
John Johansen began working with open source software in the late 80s and began playing with Linux in 93. He completed a masters in mathematics at the University of Waterloo and the began working for Immunix doing compiler hardening, and then AppArmor. After Immunix was acquired by Novell he began working on Suse Linux and in 2009 he joined Canonical as a kernel engineer. He is currently employed by Canonical as a security engineer with a primary focus on supporting the AppArmor project.
Containers would like to be able to make use of Linux Security Modules (LSMs), from providing more complete system virtualization to improving container confinement. To date containers access to the LSM has been limited but there has been work to change the situation.
This presentation will discuss the current state of LSM stacking and namespacing. The work being done on various security modules to support namespacing, the infrastructure work being done to improve the LSM, an examination of the remaining problems, and provide a demo of a container leveraging LSM stacking so that the host is using a different security module than that of the container.
- Date:
- 2018 May 26 - 10:45
- Duration:
- 30 min
- Room:
- 155 (Medium)
- Conference:
- openSUSE Conference 2018
- Language:
- Track:
- Open Source
- Difficulty:
- Medium
- Booths and Retro Gaming in the Main Lobby
- Start Time:
- 2018 May 26 10:00
- Room:
- Main Lobby (open space)
- Container and VM Building OBS Workshop
- Start Time:
- 2018 May 26 10:30
- Room:
- 349 (Workshop)
- The GNU Health : Free Software technology improving Public Healthcare around the world
- Start Time:
- 2018 May 26 10:45
- Room:
- 105 (Main)
- Security Retrospective of the last year
- Start Time:
- 2018 May 26 11:00
- Room:
- 107 (Small)