An introduction on the basic concepts underpinning a container manager: understanding what OCI images are, how they’re structured, and how to use them as rootfs. From there, we’ll dive into the core Linux primitives that make rootless containers possible: namespaces for isolation, UID/GID mappings and dropping privileges.

The talk will use my project Lilipod https://github.com/89luca89/lilipod as an example on what and how all of this has been implemented