SPLVM Virtualized System Meetup

Host: Mossaka

  1. Community-hosted meetup for discussing anything related to distributed systems, operating systems, databases, and networking. Currently focusing on virtualization, tracking the UCSD course CSE 291.
  2. Schedule
    1. Biweekly Zoom meeting on Monday at 5pm PDT
  3. Code of Conduct
    1. Please use the “Raise Hand” feature on Zoom
    2. Welcome to unmute or comment in chat at ANY TIME!

Containers

What is a container?

  1. A Linux process (an ordinary process that the kernel isolates and constrains; there is no separate kernel)
  2. A file format (an image: filesystem layers plus metadata describing how to run them)
  3. A runtime environment (the process together with its own view of the filesystem, process table, network and hostname)

Linux technology

  1. Namespaces
    1. isolate container processes from the host and from each other: separate views of PIDs, mounts, network, users, hostname and IPC
  2. Cgroups
    1. restrict and account for the resources (CPU, memory, I/O, number of PIDs) a group of processes may consume
  3. Capabilities
    1. split root's power into discrete privileges; root inside a container runs with a reduced set, and a “privileged” container gets the full set back (nothing is dropped)
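The three bullets above are all a container runtime does at the kernel level, so they can be exercised directly. The following is an added example, not code from the meetup or from the UCSD course: a minimal sandbox in C that builds a "container" from the raw Linux interfaces, creating user, pid and mount namespaces, mapping the caller to uid 0 inside the new user namespace, shrinking the capability bounding and effective sets, and decoding the CapEff line of /proc/self/status so the result can be inspected. It assumes Linux with glibc and with unprivileged user namespaces enabled. The 0xa80425fb mask is the commonly cited Docker default capability set and is treated here as an assumption to check against your own runtime. Cgroups are deliberately not shown because attaching to one needs a delegated, writable cgroup2 subtree, which an unprivileged process normally does not have.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/capability.h>
#include <linux/sched.h>   /* CLONE_NEW* flags */
#define LAST_CAP 40        /* CAP_CHECKPOINT_RESTORE; older kernels stop earlier */

/* Capability names by number, in the order capsh --decode prints them. */
static const char *cap_names[LAST_CAP + 1] = {
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill", "setgid", "setuid",
    "setpcap", "linux_immutable", "net_bind_service", "net_broadcast", "net_admin", "net_raw",
    "ipc_lock", "ipc_owner", "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time", "sys_tty_config", "mknod",
    "lease", "audit_write", "audit_control", "setfcap", "mac_override", "mac_admin", "syslog",
    "wake_alarm", "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore" };

/* Commonly cited Docker default capability set (assumption: check your runtime's
 * own defaults). Note what is absent: sys_admin, sys_ptrace, sys_module, net_admin. */
#define DOCKER_DEFAULT_CAPS 0x00000000a80425fbULL
uint64_t parse_cap_hex(const char *hex) { return strtoull(hex, NULL, 16); }
int cap_in_mask(uint64_t mask, int cap) { return (int)((mask >> cap) & 1ULL); }

/* Decode a mask into "name,name,..." in buf; returns how many caps are set. */
int cap_names_in_mask(uint64_t mask, char *buf, size_t n) {
    int count = 0;
    buf[0] = '\0';
    for (int c = 0; c <= LAST_CAP; c++) {
        if (!cap_in_mask(mask, c)) continue;
        if (count++) strncat(buf, ",", n - strlen(buf) - 1);
        strncat(buf, cap_names[c], n - strlen(buf) - 1);
    }
    return count;
}

/* Read one "Cap<Key>:" line ("CapEff", "CapBnd", ...) from /proc/self/status. */
int read_cap_line(const char *key, uint64_t *out) {
    char line[256];
    size_t klen = strlen(key);
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (!strncmp(line, key, klen) && line[klen] == ':') {
            *out = parse_cap_hex(line + klen + 1);
            fclose(f);
            return 0;
        }
    fclose(f);
    return -1;
}

/* Shrink the bounding set (what any later exec may grant) and our own permitted/
 * effective sets to exactly `keep`. Needs CAP_SETPCAP; a new user namespace has it. */
int restrict_caps(uint64_t keep) {
    for (int c = 0; c <= LAST_CAP; c++)
        if (!cap_in_mask(keep, c) && prctl(PR_CAPBSET_DROP, (unsigned long)c, 0, 0, 0) == -1 &&
            errno != EINVAL) /* EINVAL: this kernel does not know cap number c */
            return -1;
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = {
        { (uint32_t)keep, (uint32_t)keep, 0 }, { (uint32_t)(keep >> 32), (uint32_t)(keep >> 32), 0 } };
    return (int)syscall(SYS_capset, &hdr, data);
}

static int write_file(const char *path, const char *s) {
    int fd = open(path, O_WRONLY);
    if (fd < 0 || write(fd, s, strlen(s)) != (ssize_t)strlen(s)) return -1;
    return close(fd);
}

int main(void) {
    char umap[64], gmap[64], names[1024];
    uint64_t eff = 0;
    snprintf(umap, sizeof umap, "0 %u 1", getuid()); /* real ids, read before */
    snprintf(gmap, sizeof gmap, "0 %u 1", getgid()); /* unshare changes them  */
    /* Namespaces: user first (so no root is needed), then pid and mount. */
    if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNS) == -1) {
        perror("unshare (unprivileged user namespaces may be disabled)"); return 1; }
    /* Map our uid/gid to 0: root inside the namespace, our old uid outside it. */
    if (write_file("/proc/self/uid_map", umap) || write_file("/proc/self/setgroups", "deny") ||
        write_file("/proc/self/gid_map", gmap)) { perror("id maps"); return 1; }
    /* Capabilities: this "root" keeps only the Docker-style default set. */
    if (restrict_caps(DOCKER_DEFAULT_CAPS) == -1) { perror("restrict_caps"); return 1; }
    pid_t child = fork(); /* first process in the new pid namespace gets pid 1 */
    if (child == 0) {
        if (read_cap_line("CapEff", &eff) == 0)
            printf("pid %d uid %u caps(%d): %s\n", getpid(), getuid(),
                   cap_names_in_mask(eff, names, sizeof names), names);
        fflush(stdout); /* exec would discard the stdio buffer */
        execl("/bin/sh", "sh", (char *)NULL);
        perror("exec"); _exit(127);
    }
    waitpid(child, NULL, 0);
    return 0;
}
```

Build with `gcc -o sandbox sandbox.c` and run it as an ordinary user; the shell it drops into reports pid 1 and uid 0, and `grep Cap /proc/self/status` inside it shows CapEff equal to the mask. Two things are worth noticing for the next slide: `/proc` was not remounted inside the new mount namespace, so `ps` still lists the host's processes, and `uname -r` inside the shell is identical to the host's, because there is only one kernel. A namespace changes what the process can see and name; it does not change which kernel code it can reach.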

“Containers do not contain”

  1. CVE-2016-5195 Dirty COW
    1. a race condition in the kernel's copy-on-write handling lets an unprivileged local user gain write access to read-only memory mappings; exploited to gain root. Namespaces do not stop this: the container shares the host kernel, so the bug is reachable from inside it
  2. CVE-2017-5753 Spectre (variant 1); Meltdown is CVE-2017-5754
    1. side channels in modern microprocessors caused by speculative execution, leaking memory across isolation boundaries. Again nothing in a container blocks them, since all containers share the host's CPU and kernel

Linux x86_64 has 319 system calls, and the kernel has had 2049 CVEs since 1999; every container shares that kernel, so all of it is attack surface.