Internships/ProjectIdeas/EncryptedStorageInVMBasedContainerRuntimes

From QEMU
Revision as of 16:21, 17 February 2022 by Stefanha

Summary: Create encrypted storage using VM-based container runtimes

The Linux cryptsetup(8) tool requires root privileges to encrypt storage with LUKS. However, privileged containers are generally discouraged for security reasons. A possible way to avoid the extra privileges is to use a VM-based container runtime (e.g. crun with libkrun, or kata-containers) and run the storage encryption tool inside the VM.

This internship focusses on a proof-of-concept for integrating and extending the crun container runtime with libkrun in order to create encrypted storage without root privileges. The initial step will focus on creating encrypted images to demonstrate the feasibility and the necessary changes in the software stack. If the timeframe allows it, an interesting follow-up to the first step is the encryption of persistent storage using block-based volumes.

This project will expose you to container runtimes and virtual machines. You must be willing to dig into the source code of several projects: crun (written in C), libkrun (written in Rust), and possibly podman or other Kubernetes/containers projects (written in Go).

Links:

Details:

  • Language: C, Rust, golang
  • Skills: containers and virtualization would be a big plus
  • Mentor: Alice Frosi <afrosi@redhat.com>, Co-mentor: Sergio Lopez Pascual <slp@redhat.com>