Container Security

Tuesday, October 30, 2018 - 11:45 am-12:30 pm

Daniel Walsh, Red Hat


This talk examines all of the technologies used to keep containers separate. We will examine what needs to be considered when containerizing, including whether to run your apps in containers, VMs or on bare metal. It will examine technologies like Linux Capabilities, SECCOMP, SELinux, Device Cgroups, Read Only.

I will talk about new container technologies like KATA Containers, which use KVM for separation, and advances in the User Namespace.

Daniel Walsh, Red Hat

Consulting engineer at Red Hat leading the Container Engineering team, including CRI-O, Buildah, podman, containers/storage and containers/image. Docker/Moby project contributor. Led the SELinux project, concentrating on the application space and policy development.

@conference {221744,
author = {Daniel Walsh},
title = {Container Security},
year = {2018},
address = {Nashville, TN},
publisher = {{USENIX} Association},
month = oct,
