Gerlof Langeveld - Practical use of Linux capabilities (Full Talk), at the ORNL CentOS Dojo
Talk overview: In conventional UNIX systems, processes running under a 'normal' user identity had no specific privileges whatsoever, while processes running under the root identity had all special privileges, like the ability to reboot the system, to kill any process, to open raw sockets, etcetera. The capability mechanism implemented by the Linux kernel enables a process to get only a limited set of these privileges, just enough to do the special tasks that this process is supposed to do. Nowadays capabilities are used by systemd to provide specific privileges to services and by Docker to provide specific privileges to the process that is running in a container. Furthermore, capabilities are used as an alternative to setuid executables that enable normal users to run a specific program (like ping) under the root identity. In this presentation I will explain how the capability mechanism works and how systemd, containers and executable files are related to this feature.
From the CentOS Dojo at ORNL - https://wiki.centos.org/Events/Dojo/ORNL2019
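To make the "limited set of privileges" concrete, the following added example (not code from the talk) decodes the capability masks that the kernel exposes in `/proc/<pid>/status` and reports which capabilities a process effectively holds. The three status excerpts are constructed samples, and the `HIGH_RISK` list is an assumed review policy, not something the talk defines.

```python
import re

# Capability names by bit number, in the order of linux/capability.h (bits 0-40).
CAP_NAMES = """chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock
ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot
sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control
setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon
bpf checkpoint_restore""".split()

# Assumed review policy (not from the talk): capabilities that come close to full root.
HIGH_RISK = {"sys_admin", "sys_module", "sys_ptrace", "sys_rawio", "sys_boot",
             "dac_read_search"}

# Constructed /proc/<pid>/status excerpts, not captured from a real system.
PING_LIKE = "Name:\tping\nUid:\t1000\t1000\t1000\t1000\nCapPrm:\t0000000000002000\nCapEff:\t0000000000002000\n"
CONTAINER = "Name:\tnginx\nUid:\t0\t0\t0\t0\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"
HOST_ROOT = "Name:\tbash\nUid:\t0\t0\t0\t0\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n"

def decode_mask(mask):
    """Turn a capability bitmask into a list of names; unknown bits stay visible."""
    names, bit = [], 0
    while mask >> bit:
        if (mask >> bit) & 1:
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"unknown_{bit}")
        bit += 1
    return names

def parse_status(text):
    """Extract the capability sets (hex masks) from /proc/<pid>/status text."""
    pattern = r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$"
    return {m.group(1): int(m.group(2), 16) for m in re.finditer(pattern, text, re.M)}

def audit(text):
    """Report the effective capability set and any members on the high-risk list."""
    effective = decode_mask(parse_status(text).get("CapEff", 0))
    return {"effective": effective, "high_risk": sorted(HIGH_RISK & set(effective))}

if __name__ == "__main__":
    samples = (("ping-like", PING_LIKE), ("container", CONTAINER), ("host root", HOST_ROOT))
    for label, sample in samples:
        report = audit(sample)
        print(f"{label}: {len(report['effective'])} effective, high-risk: {report['high_risk']}")
        print("   ", " ".join(report["effective"]))
```

On a live Linux system the same `audit()` function can be fed the contents of `/proc/self/status` or of any other process's status file the caller may read.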
Video "Gerlof Langeveld - Practical use of Linux capabilities (Full Talk), at the ORNL CentOS Dojo" from the TheCentOSProject channel