Introduction

While exploring the Linux kernel we discovered a fun side-channel that allows for cross-container communication in the most common, default container deployment scenarios on modern kernels. This is cool because it doesn’t require sharing volume mounts, nor does it involve modifying any of the default namespaces (NET, PID, IPC, etc.), or adding special privileges (no new CAP_-abilities, nor changes to seccomp or AppArmor). It works out of the box with default Docker and Kubernetes configurations, and it even works with no network at all, as we demonstrate in this post by using docker run --network none sidechannel /h4x0rchat to showcase a full cross-container IRC-style chatroom implemented on top of this side-channel.

Phil Eaton’s book club is starting The Art of Multiprocessor Programming, 2nd Edition , which is a very well regarded textbook, and pretty recently updated (2021). I’ve even heard of a couple of authors.

I’ve done a lot of concurrent programming, and have always felt like I’ve still got plenty to learn, so I was excited for the topic. So far, what I’ve learned is that I would never recommend this book, despite any merits.