Kata Containers: Advanced Features of QEMU for Better Container Isolation by Eric Ernst

Full talk name: Kata Containers: Leveraging Advanced Features of QEMU to Provide Better Container Isolation

Kata Containers is an open source project that brings the security of hardware virtualization to containers through lightweight VMs. In its effort to look and feel like a container, Kata leverages many of the features in KVM/QEMU which are typically not needed for a cloud virtual machine. How many developers use VFIO? How many use VFIO-hotplug? And DAX and nvdimm and CPU hotplug? This session details how Kata Containers use features of KVM/QEMU and some of the problem areas we encountered along the way. Finally, we discuss areas in the hypervisor we’re looking to focus on going forward.

---

Eric Ernst
Senior Software Engineer
Intel - Open Source Technology Center

Eric is a senior software engineer at Intel’s Open Source Technology Center, based out of Portland, Oregon. Eric has spent the last several years working on embedded firmware and the Linux kernel. Eric has been a developer and technical lead for the Intel Clear Containers project for the last two years and is very excited to be a part of the Kata