Personal blog of Christian Brauner

Listing all mounts in all mount namespaces

Mounting into mount namespaces

An excursion into a mount propagation bug

Managing a kernel patch series with b4

The Seccomp Notifier - Cranking up the crazy with bpf()

The Seccomp Notifier - New Frontiers in Unprivileged Container Development

Slides for Kernel Recipes, Paris 2019: pidfd: Process file descriptors on Linux

Slides for Open Source Summit (OSS) North America, San Diego 2019: New Container Kernel Features

Linux Kernel VFSisms

Runtimes And the Curse of the Privileged Container