Making Containers Safer - Stéphane Graber & Christian Brauner, Canonical Ltd.
Containers are used for a multitude of workloads everywhere today. But not all containers are actually created in a way that lets us be sure they are safe to use. In fact, CVE-2019-5736 has shown that most containers are not. In this talk we will thus take a close look at what is required to make containers safe. In the first part of this presentation we will go over the main types of containers out there, look at what security features they are using and what their security model is. In the second part we will focus on new features, covering recent kernel developments to make unprivileged containers safe and at the same time more usable. In the last part we will take a look at what we consider the remaining challenges to making containers safe.