Linux Security and Isolation APIs Fundamentals Training

Course code: M7D-SISINTRO01

• Course overview
• Course details
• Onsite courses
• Public courses: upcoming dates and pricing
• About the trainer
• Contact

Download Linux Security and Isolation APIs Fundamentals course description (PDF)

Course overview

This course provides an introduction to the low-level Linux features (set-UID/set-GID programs, capabilities, namespaces, cgroups, and seccomp) used to implement privileged applications and build container, virtualization, and sandboxing technologies.

• Courses are two days long and are delivered either live online, at a public training location, or on-site at customer premises. The course covers the following topics:
  
  
  • Classical privileged programs (set-UID and set-GID programs)
  • Capabilities
  • Namespaces (mount, PID, and user namespaces)
  • Cgroups (version 2)
  • Seccomp (if time permits)
  
  A more detailed list of topics can be found here.
  
  
• The course includes extensive practical sessions.
  
  

Related courses

This course is an abridged version of the 4-day Linux Security and Isolation APIs (M7D-SECISOL02) course, which provides even more detailed coverage of the same topics.

Course details

Course outline.

The course employs a lecture+lab format.

Audience and prerequisites

The primary audience comprises designers and programmers building privileged applications, container applications, and sandboxing applications. Systems administrators who are managing such applications are also likely to find the course of benefit.

In order to get the most out of the course, participants should have:

• At least a good reading knowledge of the C programming language. (Note, however, that none of the course exercises require writing programs.)
• A knowledge of basic UNIX/Linux shell commands.
• A basic knowledge of make(1) is helpful, but not essential.

Note: participants are assumed to have knowledge of some fundamental Linux/UNIX system programming concepts including: file descriptors and file I/O system calls; basics of programming with signals; and the system calls that define the lifecycle of a process (fork(), execve(), wait(), exit()). Such knowledge is provided in any of the following courses:

• Linux/UNIX System Programming Essentials (M7D-SPESS01, 1 day)
• Linux/UNIX System Programming Fundamentals (M7D-SPINTRO01, 2 days)
• Linux/UNIX System Programming (M7D-LUSP01, 5 days)

Lab sessions

A significant part of the course is spent on practical exercises. The lab sessions also provide participants with the opportunity to obtain one-to-one assistance from the trainer on the course material and exercises.

Course materials

Course participants receive course books of around 250 pages. The course books include all of the slides and exercises presented in the course.

The course book has been developed by the trainer, and is constantly updated based on ongoing changes in the Linux kernel, as well as practical teaching experience in courses.

In addition to the course book, participants receive a copy of The Linux Programming Interface, in ebook form.

The following samples give some idea of the course content and style of the course materials:

• Part of the Control Groups v2 Introduction course module.
• Part of the User Namespaces and Capabilities course module.

Onsite courses

For onsite courses at your location, please email training@man7.org regarding availability and pricing.

Public courses: upcoming dates and pricing

About the trainer

Michael Kerrisk has a unique set of qualifications and experience that ensure that course participants receive training of a very high standard:

• He has been programming on UNIX systems since 1987 and began teaching UNIX system programming courses in 1989.
• He is the author of The Linux Programming Interface, a 1550-page book widely acclaimed as the definitive work on Linux system programming.
• He is actively involved in Linux development—working with kernel developers on testing, review, and design of new Linux kernel-user-space APIs.
• Since 2004, he has been the maintainer of the Linux man-pages project, which provides the manual pages documenting the Linux kernel-user-space and GNU C library APIs.

For more information about the trainer, as well as many reasons why you might want to consider choosing man7.org training courses, please see reasons to choose man7.org training,

Contact

For further inquiries about the course, please get in contact via one of the following methods:

• Email: training@man7.org
• Phone: +49 (89) 2155 2990 (German landline)

Mailing list

If you would like to be added to a mailing list to receive notifications of public training courses that are scheduled in the future, send a mail (noting your location) to training@man7.org. Likely future locations are Europe and USA West Coast, but other locations may also be possible, especially if they can be scheduled to coincide with an interesting conference.