The Linux Foundation Embedded Linux Conference 2013 Namespaces for Security By Jake Edge San Francisco, California Namespace support has been growing in the Linux kernel, so there are now a number of ways that namespaces can be used to help protect Linux systems (embedded or otherwise) from exploits. Using namespaces (in particular, the mount, network, and user namespaces) can isolate processes in ways that will prevent some types of vulnerabilities from compromising more of the system. Namespaces can be used as part of a "defense in depth" strategy to avoid the harm (or most of the harm) from exploits of vulnerable user-space applications. This talk will be for developers of embedded systems, particularly "system level" developers. It will assume some knowledge of C and Linux, but not require in-depth knowledge of either. Participants can expect to come away with a good foundation on what namespaces are and can do, along with concrete ideas of how to use namespaces in their projects.