More talks in the program:
16:45 - 17:45
Not all containers are trustworthy – and even those you build yourself can be hacked. Malicious software might be included in the images, or downloaded into the container at runtime. While generic containers should keep the bad guys contained (hence, the name) it is possible to further improve security by limiting which system calls a container may execute. In this talk we’ll explain what system calls are, exactly how to filter them with Kubernetes and Docker, and how doing so improves security.