
[Sheflug] Understanding and Hardening Linux Containers



Hi

https://www.nccgroup.trust/us/our-research/understanding-and-hardening-linux-containers/

Containers can be a controversial topic.  Some people think they are a 
good thing.  Some people think that you would do a better job on data 
centre security if you put a red flashing sign over the front door and 
leave the door open.  Whatever your point of view, this white paper 
might be of some use to you...

"Operating System virtualisation is an attractive feature for 
efficiency, speed and modern application deployment, amid questionable 
security. Recent advancements of the Linux kernel have coalesced for 
simple yet powerful OS virtualisation via Linux Containers, as 
implemented by LXC, Docker, and CoreOS Rkt among others. Recent 
container focused start-ups such as Docker have helped push containers 
into the limelight. Linux containers offer native OS virtualisation, 
segmented by kernel namespaces, limited through process cgroups and 
restricted through reduced root capabilities, Mandatory Access Control 
and user namespaces."

-- 
Richard

_______________________________________________
Sheffield Linux User's Group
http://sheflug.org.uk/mailman/listinfo/sheflug_sheflug.org.uk
FAQ at: http://www.sheflug.org.uk/mailfaq.html

GNU - The Choice of a Complete Generation