2017-06-21: LinuxKit Security SIG Recap


#1

Hi all,

Thank you for joining us during the LinuxKit Security SIG meeting this week!

We’ve compiled the notes and video from this meeting, in case you missed us or would like to revisit the discussion:

The lion’s share of the meeting was a deep dive of LandLock LSM: a Linux Security Module that leverages eBPF to provide robust and unprivileged sandboxing.
Mickaël Salaün, who is the author and maintainer of Landlock, presented slides and a demo of Landlock in action.

We have a Landlock project in LinuxKit which includes the first patchset, if you’d like to give it a try.

We also discussed the state of package signing in LinuxKit, which leverages Notary to provide authenticity, integrity, and freshness guarantees.

Please feel free to comment here if you have any questions about the content.

The next meeting will be held on July 5th at 9am PT, the draft agenda will be posted soon.

Thanks,

Riyaz