Many talks about containers start with orchestration systems like Docker or Kubernetes. However, this one will look at the storage impacts on the actual in-kernel container API. With the addition of the superblock namespace (essentially a user namespace for the kernel-to-filesystem boundary), much of the stage is now set for fixing one of the biggest underlying container problems: that of translating unprivileged container writes into real filesystem uid/gids. This talk will examine how this system works, why it is necessary, and what pieces still need to be added for orchestration systems to make use of it. It will also cover what the problems are, what happened at the Linux Storage, Filesystems and Memory Management summit, and how we might move forwards.

James Bottomley, IBM Research

The slides of the talk