BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.all-systems-go.io//all-systems-go-2025//UNJXNH
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-all-systems-go-2025-FE98ZY@cfp.all-systems-go.io
DTSTART;TZID=CET:20250930T093000
DTEND;TZID=CET:20250930T101000
DESCRIPTION:Linux lacks a coherent security model\, and by extension we nev
 er defined one for the systemd project either.\n\nIn this talk I'd like to
  start changing this\, and begin defining some general security design gui
 delines that we so far mostly followed implicitly\, and make them more exp
 licit. After all\, systemd to a large degree is involved in security subsy
 stems\, from SecureBoot\, Measured Boot & TPM\, to its service sandboxing\
 , dm-verity/dm-crypt support\, its FIDO2/PKCS#11 hookups\, its many securi
 ty boundaries\, secure parameterization\, Linux Security Module initializa
 tion and more.\n\nWhile the distributions & applications consuming system
 d might follow different security models I think it's important to talk ab
 out a unified vision from the systemd upstream perspective\, even if vario
 us downstreams then make modifications or only deploy a subset of it.
DTSTAMP:20260315T015105Z
LOCATION:Loft
SUMMARY:A Security Model for systemd - Lennart Poettering
URL:https://cfp.all-systems-go.io/all-systems-go-2025/talk/FE98ZY/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-all-systems-go-2025-PXZGEL@cfp.all-systems-go.io
DTSTART;TZID=CET:20250930T115500
DTEND;TZID=CET:20250930T122000
DESCRIPTION:Let's have an open discussion with systemd developers who are a
 t ASG and users in the audience. We will open with the developers saying w
 hat they plan to work on in the near future\, and then allow questions / c
 omments from the audience.
DTSTAMP:20260315T015105Z
LOCATION:Loft
SUMMARY:systemd: round table - Lennart Poettering\, Luca Boccassi\, Zbignie
 w Jędrzejewski-Szmek\, Daan De Meyer\, Mike Yuan\, Yu Watanabe
URL:https://cfp.all-systems-go.io/all-systems-go-2025/talk/PXZGEL/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-all-systems-go-2025-E7FHPY@cfp.all-systems-go.io
DTSTART;TZID=CET:20251001T100000
DTEND;TZID=CET:20251001T104000
DESCRIPTION:Many traditional container engines make use of the "subuid" con
 cept and the "newuidmap" tool to implement a concept of "unprivileged" use
 r-namespace containers on Linux. This approach has many shortcomings in my
  PoV\, from both a security and scalability standpoint.\n\nRecent systemd 
 versions provide a more powerful\, more secure\, more scalable alternativ
 e\, via systemd-nsresourced\, systemd-mountfsd and other components.\n\nIn
  this talk I want to shed some light on the problems with the "old ways"\,
  and in particular focus on what the "new ways" bring to the table\, and h
 ow to make use of them in container runtimes.
DTSTAMP:20260315T015105Z
LOCATION:Loft
SUMMARY:Unprivileged Containers\, with Transient User Namespaces and ID Map
 ping\, but Without SETUID Binaries - Lennart Poettering
URL:https://cfp.all-systems-go.io/all-systems-go-2025/talk/E7FHPY/
END:VEVENT
END:VCALENDAR
