Загрузка страницы

Gerlof Langeveld - Practical use of Linux capabilities (Full Talk) , at the ORNL CentOS Dojo

Talk Overview : In conventional UNIX systems, processes running under a 'normal' user identity had no specific privileges whatsoever while processes running under the root identity had all special privileges, like the ability to reboot the system, to kill any process, to open raw sockets, etcetera. The capability mechanism implemented by the Linux kernel enables a process to get only a limited set of these privileges, just enough to do the special tasks that this process is supposed to do. Nowadays capabilities are used by systemd to provide specific privileges to services and by Docker to provide specific privileges to the process that is running in a container. Furthermore, capabilities are used as an alternative for setuid executables that enable normal users to run a specific program (like ping) under the root identity. In this presentation I will explain how the capability mechanism works and how systemd, containers and executable files are related to this feature.
From the CentOS Dojo at ORNL - https://wiki.centos.org/Events/Dojo/ORNL2019

Видео Gerlof Langeveld - Practical use of Linux capabilities (Full Talk) , at the ORNL CentOS Dojo канала TheCentOSProject
Показать
Комментарии отсутствуют
Введите заголовок:

Введите адрес ссылки:

Введите адрес видео с YouTube:

Зарегистрируйтесь или войдите с
Информация о видео
14 мая 2019 г. 11:17:44
00:46:19
Яндекс.Метрика