Process with modern kernels like Linux and NT kernel
● Requests with system calls
  ● File access
  ● Hardware access
  ● Inter process communication
(Figure: process, kernel and hardware; the process issues its requests as system calls and the kernel grants or denies each access to hardware and to other processes.)

Two types of containers
● System container (for full featured OS environment)
● Application container (for only one application like Docker container)
(Figure: a system container holds an environment for all apps; an application container holds an environment for a single app.)

Security risks
● The required steps to attack other process
(Figure: attack path from one process to another, compared for a container, where both processes share one kernel on the hardware, and for a virtual machine, where the process sits on a guest kernel on virtual hardware above the host kernel; the steps are numbered ① ② for the container and ① to ④ for the virtual machine.)

Various container runtimes
● System call steps
(Figure: system call path for runC (basic way: app in a namespace on the host kernel), Kata Containers (app on its own kernel inside a VM on the host kernel) and gVisor (app on a userland kernel above the host kernel), with the steps numbered for each runtime.)