The presentation discusses the implementation of forensic container checkpointing in Kubernetes and other container engines, allowing for the analysis of containers without stopping them. The implementation involves taking a checkpoint of a running container and analyzing it in a sandbox environment.
- Forensic container checkpointing allows for the analysis of containers without stopping them
- The implementation involves taking a checkpoint of a running container and analyzing it in a sandbox environment
- The checkpoint archive is only readable by root to ensure security
- The use cases for forensic container checkpointing include reboot and save state, quick startup, and analyzing containers for potential issues
The presenter shared an anecdote about a company that uses privileged containers in Kubernetes to start a pre-initialized MATLAB container for customers, because MATLAB takes a long time to start up. With forensic container checkpointing, the company could take a checkpoint of the pre-initialized container and start it up quickly for customers without the need for privileged containers.