LPC 2021 presentation - Kernel cgroups and namespaces: Can they contribute to FFI claims?



I noticed the interesting contribution by Bruce Benson and Priyanka Verma at the recent LPC, suggesting usage of cgroups and namespaces to support FFI claims.

The talk was mainly an introductory tutorial clarifying the technical features of cgroups and namespaces, and is fundamental for those who are not familiar with these basic Linux kernel features.

However, having missed the presentation itself, I don't see from the slides if the safety aspects were discussed in the talk.

Some questions are included in the final slide (e.g., Can we rely on containers for temporal FFI? What is the role of containers if we have an external flow control monitor?).

And in a more general sense, what are the criteria for acceptance of such kernel features as the basis for safety claims such as FFI?

@Paul Albertella – I would hope that your new WG will be helpful to make clear guidelines on such questions.



