Overview
Explore address space isolation techniques for Linux namespaces in this informative conference talk. Delve into the concept of assigning unique address spaces to namespaces to enhance kernel security and minimize potential damage from exploits. Learn about the proposed extension of SL*B allocators to create "exclusive" caches visible only within specific namespaces, ensuring per-namespace objects are mapped solely in their owning namespace address space. Examine the design of "exclusive" caches and a proof-of-concept implementation targeting network namespaces. Gain insights into topics such as system correlation, map exclusivity, fragmentation, page tables, network namespaces, page allocation, and open questions in this field.
Syllabus
Introduction
Address Spaces
System Correlation
Map Exclusive
Fragmentation
Page Tables
Network Namespace
Page Allocator
Page Exclusive
Open Questions
Speaker Questions
Taught by
Linux Foundation