Presented at the Core C++ 2023 conference.
User namespaces are at the heart of many interesting Linux technologies that allow isolation and sandboxing of applications, for example running containers without root privileges and sandboxes for web browser plug-ins. In this presentation, we’ll look in detail at user namespaces, building up a basic understanding of what a user namespace is and going on to questions such as: what does being "superuser inside a user namespace" allow you to do (and what does it not allow); and what is the relationship between user namespaces and other namespace types (PID, UTS, network, etc.)? We’ll also employ some simple shell commands to create and experiment with user namespaces in order to better understand how they work.
-----
Michael Kerrisk is a trainer, author, and programmer who has a passion for investigating and explaining software systems. He is the author of "The Linux Programming Interface", a widely acclaimed book on Linux (and UNIX) system programming. He has been actively involved in the Linux development community since 2000, operating mainly in the area of testing, design review, and documentation of kernel-user-space interfaces and was for many years the maintainer of the Linux "man-pages" project, which provides the primary documentation for Linux system calls and C library functions. Michael is a New Zealander, living in Munich, Germany.