Presentation: Securing services and containers: rkt meets systemd
systemd provides many features and knobs to improve the security of traditional Linux services. rkt is a container runtime engine designed with security and modularity in mind. The core execution unit in rkt is a pod, a grouping of one or more applications in an isolated environment. By leveraging systemd as the main execution engine of the pod, rkt is able to bring all recent security countermeasures to the container ecosystem, while helping to improve systemd's maturity.
This talk will provide an overview of several recent systemd security features, explain how they are relevant in containerized environments, and show how rkt makes use of them.
The presentation is aimed at anybody interested in Linux security, familiar with managing traditional services via systemd, or interested in deploying and running containerized services.