Improving Kubernetes and container security with user namespaces

Improving Kubernetes and container security with user namespaces Author: Alban Crequy In this blog post, I will introduce user namespaces, explain why they are useful for containers and how they interact with Linux capabilities and filesystems. Then, I will explain the work we’ve done on two user namespace projects with Netflix: adding unprivileged user namespace […]

Improving Kubernetes and container security with user namespaces Author: Alban Crequy
In this blog post, I will introduce user namespaces, explain why they are useful for containers and how they interact with Linux capabilities and filesystems. Then, I will explain the work we’ve done on two user namespace projects with Netflix: adding unprivileged user namespace support to FUSE and current work we’re doing to enable user namespaces in Kubernetes.
What are user namespaces?
Source: Kinvolk