Container Security Boundaries (and How to Escape Them!)

How do containers provide a security boundary? In this video we go deeper than the typical "containers and VMs share the host kernel" answer to the task_struct, nsproxy, and capability bitfields that actually define what a containerized process can see and do. EscapePod Repo — https://github.com/rhburt/escapepod Awsome conference talk by Liz Rice that introduced me to this topic:    • Containers From Scratch • Liz Rice • GOTO ...   OWASP Docker Security Cheat Sheet: https://cheatsheetseries.owasp.org/ch... Linux man page — unshare(1): https://man7.org/linux/man-pages/man1... Linux kernel source — task_struct: https://elixir.bootlin.com/linux/late... Music from #Uppbeat (free for Creators!): https://uppbeat.io/t/walz/golden-age License code: P0YOW73JABWJIXNI