Wednesday, January 11, 2017

Boston Linux Meeting Wednesday, January 18, 2017 - Red Hat OCID and Container Security

When: January 18, 2017 7PM (6:30PM for Q&A)
Topic: Red Hat OCID and Container Security
Moderator: Daniel J Walsh , Lead SELinux Engineer , Red Hat Software

Location: MIT Building E-51, Room 315

Red Hat's new OCID container system, an alternative to Docker

OCID (CRI-O) is a container runtime to be used with the Kubernetes
Kublet. Specifically, it implements the Kubelet Container Runtime
Interface (CRI) using OCI conformant runtimes. The goal of the OCID is
to optimize running of containers in production, via Kubernetes and

At a high level, we expect the scope of OCID:

Support multiple image formats including the existing Docker image format
Support for multiple means to download images including trust & image
Container image management (managing image layers, overlay filesystems, etc)
Container process lifecycle management
Monitoring and logging required to satisfy the CRI
Resource isolation as required by the CRI

Second part of the talk will cover Container Security. We will cover all
parts of container security from the importance of the kernel, to where
you should run your containers, container separation and what you should
run inside

Red Hat's OCID is a Docker Alternative, But Not a Fork :
Running production applications in containers: Introducing OCID :

For further information and directions please consult the BLU Web site
Please note that there is usually plenty of free parking in the E-51
parking lot at 2 Amherst St, or directly on Amherst St.

After the meeting we will adjourn to the official after meeting meeting
location at The Cambridge Brewing Company
Jerry Feldman <>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90

Announce mailing list