BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.all-systems-go.io//E7FHPY
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-all-systems-go-2025-E7FHPY@cfp.all-systems-go.io
DTSTART;TZID=CET:20251001T100000
DTEND;TZID=CET:20251001T104000
DESCRIPTION:Many traditional container engines make use of the "subuid" con
 cept and the "newuidmap" tool to implement a concept of "unprivileged" use
 r-namespace containers on Linux. This approach has many shortcomings in my
  PoV\, from both a security and scalability standpoint.\n\nRecent systemd 
 versions provide a more powerful\, more secure\, more
  scalable alternative\
 , via systemd-nsresourced\, systemd-mountfsd and other components.\n\nIn t
 his talk I want to shed some light on the problems with the "old ways"\, a
 nd in particular focus on what the "new ways" bring to the table\, and how
  to make use of them in container runtimes.
DTSTAMP:20260305T234641Z
LOCATION:Loft
SUMMARY:Unprivileged Containers\, with Transient User Namespaces and ID Map
 ping\, but Without SETUID Binaries - Lennart Poettering
URL:https://cfp.all-systems-go.io/all-systems-go-2025/talk/E7FHPY/
END:VEVENT
END:VCALENDAR
