SPLVM Virtualized System Meetup
Host: Mossaka
- Community-hosted meetup for discussing anything related to distributed systems, operating systems, databases, and networking. Currently focusing on virtualization, following the UCSD course CSE 291.
- Schedule
  - Biweekly Zoom meeting on Mondays at 5pm PDT
- Code of Conduct
  - Please use the “Raise Hands” feature on Zoom
  - Feel free to unmute or comment in chat at ANY TIME!
Containers
What is a container?
- A Linux process
- A file format
- A runtime environment
Linux technologies
- Namespaces
  - isolate container processes from the host
- Cgroups
  - restrict the resources allocated to processes
- Capabilities
  - reduce the power of root for “privileged” containers
- CVE-2016-5195 (Dirty COW)
  - allows an unprivileged local user to gain write access to read-only memory mappings; exploited to gain root access
- CVE-2017-5753 (Spectre/Meltdown)
  - exploits speculative execution in modern microprocessor architectures
Linux x86_64 has 319 system calls and 2049 CVEs since 1999.
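As an added example (not from the meetup slides), a small Python audit of the Capabilities bullet above: it decodes the CapEff/CapBnd bitmasks the kernel reports in /proc/<pid>/status and flags capabilities that give a container process host-affecting power. The CAP_NAMES table follows <linux/capability.h>; the HIGH_RISK watchlist and the two /proc excerpts are constructed assumptions, not captures from a real host.

```python
"""Decode a Linux process's capability sets from /proc/<pid>/status text.

Added example for the meetup notes: the kernel stores capabilities as a
bitmask, so reading CapEff/CapBnd shows how much "root" a container has.
"""
from __future__ import annotations
import re

# Bit numbers from <linux/capability.h>; list index == capability number.
CAP_NAMES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore",
]

# Capabilities that let a process reach past container isolation (mounts,
# kernel modules, ptrace, raw device I/O). This watchlist is an assumption.
HIGH_RISK = {"sys_admin", "sys_module", "sys_ptrace", "sys_rawio", "net_admin",
             "dac_read_search", "bpf", "mac_override", "mac_admin"}


def decode_caps(mask_hex: str) -> set[str]:
    """Turn a Cap* hex mask into the set of capability names it contains."""
    mask = int(mask_hex, 16)
    return {name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}


def parse_status(status_text: str) -> dict[str, set[str]]:
    """Extract every Cap*: line (CapInh, CapPrm, CapEff, CapBnd, CapAmb)."""
    return {key: decode_caps(val)
            for key, val in re.findall(r"^(Cap\w+):\s+([0-9a-f]+)$", status_text, re.M)}


def audit(status_text: str) -> dict:
    """Report effective caps, watchlist hits, and bounding-set slack."""
    caps = parse_status(status_text)
    eff = caps.get("CapEff", set())
    return {"effective": eff, "high_risk": eff & HIGH_RISK,
            "bounding_wider_than_effective": caps.get("CapBnd", set()) - eff}


# Constructed /proc/self/status excerpts (assumed values, not real captures).
DEFAULT_CONTAINER_STATUS = "Name:\tsh\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
PRIVILEGED_STATUS = "Name:\tsh\nCapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"

if __name__ == "__main__":
    for label, txt in (("default", DEFAULT_CONTAINER_STATUS), ("privileged", PRIVILEGED_STATUS)):
        r = audit(txt)
        print(label, len(r["effective"]), "caps; high risk:", sorted(r["high_risk"]))
```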