System Programming for Linux Containers Training

Course code: M7D-SPLC02

• Course overview
• Course details
• Onsite and virtual onsite courses
• Public courses: upcoming dates, prices, and booking
• About the trainer
• Contact

Download System Programming for Linux Containers course description (PDF)

Course overview

This course provides a deep understanding of the Linux technologies (namely, set-UID/set-GID programs, capabilities, namespaces, cgroups, and seccomp) used to implement container, virtualization, and sandboxing systems. (These are the technologies used to build systems such as Docker, LXC, Firejail, and Flatpak.) The course also provides an understanding of the core APIs used to build system-level applications that run on such systems. Detailed explanations and carefully designed practical exercises provide participants with the knowledge needed both to troubleshoot container and sandboxing systems and to write complex applications that run on those systems. (The course does not cover administering container systems such as Docker and LXC, but by completion of the course participants will have a good understanding of various aspects of the underlying implementation and operation of such systems.)

• Courses are normally five days long, and are delivered either live online, at a public training location, or on-site at customer premises. The content may vary a little, according to specific requests and time constraints, but in broad terms includes the following topics:
  
  
  • Ramp-up on fundamental system programming topics (file I/O, processes, signals, process lifecycle, executing programs)
  • Cgroups
  • Seccomp
  • Classical privileged programs (set-UID, set-GID) and secure programming
  • Capabilities
  • Namespaces (UTS, mount, network, IPC, time, PID, cgroup, and user namespaces)
  • User namespaces in detail
  
  A more detailed list of topics can be found here.
  
  
• The course includes extensive practical sessions, some involving experiments from the shell while others involve writing programs (typically in C).
  
  

Related courses

Note that this course is similar to the 4-day Linux Security and Isolation APIs (M7D-SECISOL02) course, but with the addition of an initial day that covers a range of fundamental system programming topics.

Parts of this course are also available in smaller pieces:

• Linux Capabilities and Namespaces (M7D-CAPNS01, 2 days)
• Linux Control Groups (Cgroups) (M7D-CGROUPS02, 1 day)

For a picture of how these courses interrelate, see the course overview.

Course details

Course outline.

The course employs a lecture+lab format.

Audience and prerequisites

The audience for this course includes designers and developers who are building, troubleshooting, and administering system-level applications for Linux-based container systems.

In order to get the most out of the course, participants should have:

• At least a good reading knowledge of the C programming language. (Note, however, that, except on the first day of the course only a small number of the exercises require writing programs.)
• A knowledge of basic UNIX/Linux shell commands.
• A basic knowledge of make(1) is helpful, but not essential.

Note: previous system programming experience is not required.

Lab sessions

A significant part of the course is spent on practical exercises. The lab sessions also provide participants with the opportunity to obtain one-to-one assistance from the trainer on the course material and exercises.

Course materials

Course participants receive course books of around 500 pages. The course books include all of the slides and exercises presented in the course. Some notable features of the course books are the following:

• The course books have been developed by the trainer, and they are constantly updated based on ongoing changes in the Linux kernel, the GNU C library, and the POSIX standards as well as practical teaching experience in courses.
• The course books are closely integrated with The Linux Programming Interface (TLPI), via numerous references to precise locations in TLPI with more detail on various topics covered in the course.
• The course books include many example programs and exercises not found in TLPI.

In addition to the course book, participants receive a copy of The Linux Programming Interface, in either ebook or printed form (or, when possible, both).

The following samples gives some idea of the course content and style of the course materials:

• Part of the User Namespaces and Capabilities course module.
• The Control Groups v2 Introduction course module.
• Part of the Seccomp course module.

Onsite and virtual onsite courses

For onsite and virtual onsite courses, please email training@man7.org regarding availability and pricing.

Public courses: upcoming dates, prices, and booking

Online courses in Europe timezones are normally timed around Berlin time, starting at 08:00, 08:30, or 09:00. Online courses in Americas timezones are normally timed around New York time, starting at 09:00 or 10:00. Depending on the length of breaks, classes typically run for 8 to 8.5 hours per day.

For public 5-day online courses, the per-attendee price is €3300 reduced to €3200 when booked (and either paid or a company purchase order is supplied) at least 4 weeks before the start of the course. (In addition, 19% German VAT is charged for participants attending from German locations; 19% German VAT is also applicable for private attendees in any location in the European Union without a VAT ID.)

Currently (and for the foreseeable future), public versions of this course are delivered only in online format.

Discounts are available for multiple attendees from the same company or organization; please inquire at training@man7.org for details.

About the trainer

Michael Kerrisk has a unique set of qualifications and experience that ensure that course participants receive training of a very high standard:

• He has been programming on UNIX systems since 1987 and began teaching UNIX system programming courses in 1989.
• He is the author of The Linux Programming Interface, a 1550-page book widely acclaimed as the definitive work on Linux system programming.
• He is actively involved in Linux development—working with kernel developers on testing, review, and design of new Linux kernel-user-space APIs.
• From 2004 to 2021, he was the maintainer of the Linux man-pages project, which provides the manual pages documenting the Linux kernel-user-space and GNU C library APIs.

For more information about the trainer, as well as many reasons why you might want to consider choosing man7.org training courses, please see reasons to choose man7.org training,

Contact

For further inquiries about the course, please get in contact via one of the following methods:

• Email: training@man7.org
• Phone: +49 (89) 2155 2990 (German landline)

Mailing list

If you would like to be added to a mailing list to receive notifications of public training courses that are scheduled in the future, send a mail (noting your location) to training@man7.org.