I was recently invited to record a session about my project "barco: Linux Container from Scratch in C" (GitHub, blog) with KubeFM, a Kubernetes-focused podcast by Learnk8s. The episode is now live and you can listen to it on all major podcast providers and on YouTube. Thank you, KubeFM, for having me!
In this episode, I talk about:
- Why Linux containers "don't exist" but are the product of several Linux features you can put together and configure properly to get what we know as containers.
- How kernel features such as cgroups and namespaces isolate a process.
- How you can use seccomp and capabilities to secure the container.
- How to make the right syscalls from C to build your own container engine.