Privilege Isolation in Docker Containers – Altiscale
Privilege Isolation Q&A – Dinesh Subhraveti
Demo – Docker and Hadoop 2.0 – Airisdata Inc.
Speakers: Raymie Stata, CEO/Founder – Altiscale; Dinesh Subhraveti – Altiscale
Altiscale has taken experiences at Yahoo, Google, and LinkedIn to rethink and develop a purpose-built, petabyte-scale infrastructure to deliver Hadoop as a cloud service.
Privilege Isolation
Docker containerization represents the next generation of virtualization. Docker could represent an enormous step forward in flexibility, performance and economies of scale, whether in a cloud infrastructure or when working with Hadoop/YARN.
One of the shortcomings of the current Docker container is that the root user in a virtualized environment automatically acquires root privileges on the host system. Altiscale has developed a new feature in Docker called “user namespaces,” which solves this security issue.
More technical details on this feature can be found at
Raymie Stata comes to Altiscale from Yahoo!, where he was Chief Technical Officer. At Yahoo, he played an instrumental role in algorithmic search, display advertising, and cloud computing. He also helped set Yahoo’s Open Source strategy and initiated its participation in the Apache Hadoop project. Prior to joining Yahoo!, Raymie founded Stata Laboratories, maker of the Bloomba search-based e-mail client, which Yahoo! acquired in 2004. He has also worked for Digital Equipment’s Systems Research Center, where he contributed to the AltaVista search engine. Raymie received his PhD in Computer Science from MIT in 1996.
Dinesh Subhraveti is responsible for the multitenancy and virtualization infrastructure at Altiscale. He developed the notion of Operating System level virtualization as a part of his Ph.D., which later came to be known in the industry as Containers. Published in OSDI 2002, his work showed for the first time that enterprise applications can be virtualized and live-migrated. Dinesh applied that research to drive the industry’s first Container virtualization product for enterprise Linux applications at Meiosys, the company behind LXC (LinuX Containers) that IBM acquired in 2005. He has authored over 35 patents and papers in the areas of virtualization, storage and operating systems, and holds a B.E. degree in computer science from BITS-Pilani, India, and M.S., M.Phil., and Ph.D. degrees in computer science from Columbia University, New York.