COV882: Resource Virtualization With Containers
I semester: 2022-23
Tanu Malik
Class Timings: TBD. (The course will begin from Sept. 26th)
Room: TBD.
Overview
This course will provide an introduction to Linux containers, which virtualize different system resources.
It will provide hands-on experience with the Linux infrastructure used for creating containers, provisioning
containers with different resource requirements, and operating them in privileged and non-privileged
settings. The overall goal is to develop a deeper knowledge of Linux system calls and an appreciation
of the systems concepts of isolation and file layering. We will also examine alternative isolation and file
layering approaches (e.g., chroot, seccomp, eBPF).
Textbooks and notes
- Michael Kerrisk, The Linux Programming Interface: A Linux and UNIX System Programming Handbook (TLPI). No Starch Press, 1st edition. ISBN-13: 978-1593272203
Lecture Schedule
The material to be covered in this course is divided into 6 lectures of 2.5 hours each.
A lecture overview is provided. If there is interest, additional units may be covered.
- Unit 1: Introduction: Difference between abstraction and virtualization. Difference between virtualization and containers. Linux user mode vs. kernel mode. System calls and errors. Quick review of some system calls via an example. HW1.
- Unit 2: Resource protection. Permissions, Principle of Privilege. Privileged processes. Acquiring privileges. User and group IDs. The setuid bit. The chroot jail. Breaking the jail via symbolic and hard links. HW2.
- Unit 3: Namespaces. System calls for namespace management: clone, setns, unshare. Different types of namespaces. Examples. Orphans and Zombies. Nested namespaces. Introduction to the project. HW3.
- Unit 4: Storage in containers. Mount namespaces. Shared subtrees. Bindable vs. unbindable mounts. Union mounts. Layering in Docker. Pivoting root vs. chrooting. A bare-bones container. Course project.
- Unit 5: User namespaces. Privilege in Docker containers. Accounting in Linux and use of cgroups. seccomp and auditd.
- Unit 6: Network and IPC Namespaces. Review of HW and project.
Homeworks
We will use AWS cloud machines. An initial tutorial will cover use of AWS EC2.
Prerequisites
- Operating Systems.
- Programming skill. Comfortable with C and GDB. High comfort level with basic UNIX/Linux shell commands.
Evaluation
TBA.