Presented by

  • Sergio Prado

    Sergio Prado

    Sergio Prado has been working with embedded systems for more than 25 years. He is an entrepreneur and founder of Embedded Labworks, providing consulting and training services for customers worldwide every year. He is a Linux developer, blogger ( and contributes to several free and open-source projects, including Buildroot, Yocto Project, and the Linux kernel.


It's becoming more and more common to take the container approach to develop and deploy applications on embedded Linux devices. But there is always this tension between completely isolating the containerized application from the host operating system and sharing resources with the host OS so that the application can do its job. Namespaces, bind mounts, cgroups, capabilities, seccomp, AppArmor, SELinux, etc. Several technologies are available to isolate and secure applications running inside containers, but it's not that easy to identify the best approach to adopt for a specific situation. This presentation will be a walkthrough of the main technologies to secure containerized applications on embedded Linux devices, providing the audience a good understanding of the trade-offs between those technologies and how they can be leveraged in real-world products.