Markdown Content - DevConf 2021: Virtual CZ: Understanding Root Inside and Outside of a Container

---
# DevConf 2021: Virtual CZ: Understanding Root Inside and Outside of a Container

**URL:** https://crunchtools.com/devconf-2021-understanding-root/
Date: 2021-02-23
Author: fatherlinux
Post Type: post
Summary: This presentation is a 16 slide introduction to what must be thought about when building a production cloud. Proper image management is critical engineering task.Continue Reading "DevConf 2021: Virtual CZ: Understanding Root Inside and Outside of a Container" →
Categories: Presentations
Tags: Container Engines, Container Images, Open Source Software, Red Hat
Featured Image: https://crunchtools.com/wp-content/uploads/2021/02/Screenshot-from-2021-02-23-11-58-07.png
---

## Abstract

Do you run your containers as root, or as a regular user? It’s such a deceptively simple question. You might be tempted to answer too quickly. Is the threat model really crystal clear in your mind? I have a suspicion that it might not be. This workshop is intended to help clarify.

Before you can answer the question above, you need to determine if we are talking about the container engine (Podman, Docker, CRI-O, containerd, etc), the process inside of the container (apache, postgresql, mysql, etc) or the process ID the container is mapped to (all three can be different). At first glance, this might not be obvious. Either the container engine or its sub-process in containers can be run as virtually any user. This workshop will walk through understanding root inside and outside the container so that you can better model threads, risks and mitigation with containers.

## Presentation

	- [Schedule](https://devconfcz2021.sched.com/event/gmSP/understanding-root-inside-and-outside-a-container)

	- [Google Slides](https://docs.google.com/presentation/d/1YrTkY0chU9hIoIUtQWjgibaChD-OFb7YCexGgaKfeaM/edit#slide=id.g547716335e_0_220)

	- [YouTube](https://youtu.be/sZEwUW7-yGM)

---

## Categories

- Presentations

---

## Navigation

- [Home](https://crunchtools.com/)
- [Articles](https://crunchtools.com/category/articles/)
- [Events](https://crunchtools.com/category/events/)
- [News](https://crunchtools.com/category/news/)
- [Presentations](https://crunchtools.com/category/presentations/)
- [Software](https://crunchtools.com/software/)
- [Beaver Backup](https://crunchtools.com/software/beaver-backup/)
- [Check BGP Neighbors](https://crunchtools.com/software/check-bgp-neighbors-nagios/)
- [Chev](https://crunchtools.com/software/chev-check-vulnerabilities-script/)
- [Graph BGP Neighbors](https://crunchtools.com/software/grpah-bgp-neighbors/)
- [Graph MySQL Stats](https://crunchtools.com/software/graph-mysql-stats/)
- [Graph Sockets Pipes Files](https://crunchtools.com/software/graph-sockets-pipes-files/)
- [MCP Servers](https://crunchtools.com/software/mcp-servers/)
- [Petit](https://crunchtools.com/software/petit/)
- [Racecar](https://crunchtools.com/software/racecar/)
- [Shiva](https://crunchtools.com/software/shiva/)
- [About](https://crunchtools.com/about/)
- [Home](https://crunchtools.com)

## Tags

- Container Engines
- Container Images
- Open Source Software
- Red Hat