Saying Goodbye To Privileged Containers

Session Description

Privileged containers are very insecure: a workload inside one can easily break out and gain full access to the host. Yet they are often used in test and production environments. Why? Because many workloads don't run in regular containers. For example, in CI/CD it is common to run Docker or Kubernetes inside containers, but doing so requires privileged containers, creating a security risk. This presentation will describe Sysbox, a new runc-style container runtime which works below Docker and Kubernetes and uses cutting-edge container technology to enable secure (rootless) containers to run almost any workload that runs in a VM.
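As an added example (not part of the session or of the Sysbox project), the audit below reads `docker inspect` style JSON and flags containers started with `--privileged` or with all capabilities added, the configuration the abstract warns about. The input is a constructed sample; the runtime name `sysbox-runc` is assumed to be how a Sysbox-backed container would appear in the `HostConfig.Runtime` field.

```python
import json

# Constructed sample in the shape of `docker inspect` output; not from a real host.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/ci-dind",
     "HostConfig": {"Privileged": True, "CapAdd": None, "Runtime": "runc"}},
    {"Name": "/ci-k8s",
     "HostConfig": {"Privileged": False, "CapAdd": ["ALL"], "Runtime": "runc"}},
    # Assumed runtime name for a Sysbox-backed container (not privileged).
    {"Name": "/ci-sysbox",
     "HostConfig": {"Privileged": False, "CapAdd": None, "Runtime": "sysbox-runc"}},
    {"Name": "/web",
     "HostConfig": {"Privileged": False, "CapAdd": ["NET_BIND_SERVICE"], "Runtime": "runc"}},
])


def audit_privileged(inspect_json: str) -> list:
    """Return one finding per container that is privileged or effectively so.

    `HostConfig.Privileged` is the --privileged flag; `CapAdd: ["ALL"]` grants the
    full capability set and is treated as equivalent for audit purposes.
    """
    findings = []
    for container in json.loads(inspect_json):
        host_cfg = container.get("HostConfig", {})
        name = container.get("Name", "?").lstrip("/")
        cap_add = host_cfg.get("CapAdd") or []
        reasons = []
        if host_cfg.get("Privileged", False):
            reasons.append("privileged")
        if "ALL" in cap_add:
            reasons.append("cap_add_all")
        if reasons:
            findings.append({
                "name": name,
                "runtime": host_cfg.get("Runtime", "runc"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_privileged(SAMPLE_INSPECT):
        print(f"{finding['name']}: {', '.join(finding['reasons'])} "
              f"(runtime={finding['runtime']})")
```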