October 4-6 in Berlin, Germany
Register Now for LinuxCon+ContainerCon Europe
Back To Schedule
Wednesday, October 5 • 15:40 - 16:30
VM-based Secure Container - Zhang Wei & Claudio Fontana, Huawei

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Due to sharing the same kernel, native containers may never provide alone enough isolation and security without being run inside virtual infrastructure. Wei & Claudio have been workiing on a new VM-based Secure Container based on “RunV” which is an open source and an OCI-compatible runtime similar to “RunC”.

In the RunV community Wei has been working with developers from hyper.sh to make RunV compatible to the Docker API, so that it can integrate with higher level frameworks like Kubernetes and OpenStack and be deployable as easily as native containers.

Claudio has been optimizing virtualization components for this use case, removing legacy features and employing existing methods (Clear Containers) and new ways to boot quickly, decrease overheads, and improve performance. Novel work in the virtualizer and virtual firmware enables further improvements at the expense of fidelity to PC compatibility.


Wei Zhang

Zhang Wei & Claudio Fontana are both working for Huawei, in Beijing, China and Munich, Germany respectively. Zhang Wei is an active Docker contributor since 2015, with some speaking experience in the local circles.

Wednesday October 5, 2016 15:40 - 16:30 CEST