Can I haz non-privileged containers?
In this talk, we will look at the problems associated with running Docker containers with privileged status and some solutions to how you can harden your Docker-based security. Check it out!
To understand the problem, we will take a quick look at how user and group isolation works in Unix and how this translates into a container. We will also look at how user namespaces work in Docker and how simple it is to build a non-root Docker container. In addition to all of this, we will look at some simple tools which can automatically detect these problems and notify you if they occur.
Takeaways:
How users and groups work in Unix
Security problems with running container processes as root
Understanding of container namespaces and user mappings
How to build a non-Root container
Edge cases where Root containers may be required
YOU MAY ALSO LIKE:
- Kubernetes: Master Application Deployment and Scaling with Daniele Polencic (in London on 28th - 29th June 2018)
- ProgNET London 2018 (in London on 12th - 14th September 2018)
- Introduction to Docker Fundamentals (in London on 24th - 25th September 2018)
- Advanced Docker for Enterprise Operations (in London on 1st - 2nd October 2018)
Thanks to our sponsors
Can I haz non-privileged containers?
Nic Jackson
Nic Jackson is a software engineering evangelist working for notonthehighstreet.com, with over 20 years experience in software development and leading software development teams. A huge believer that the rise of Docker and container solutions is a positive transformation for the way we develop, deploy and maintain software.
-
SkillsCast
In this talk, we will look at the problems associated with running Docker containers with privileged status and some solutions to how you can harden your Docker-based security. Check it out!
To understand the problem, we will take a quick look at how user and group isolation works in Unix and how this translates into a container. We will also look at how user namespaces work in Docker and how simple it is to build a non-root Docker container. In addition to all of this, we will look at some simple tools which can automatically detect these problems and notify you if they occur.
Takeaways:
How users and groups work in Unix
Security problems with running container processes as root
Understanding of container namespaces and user mappings
How to build a non-Root container
Edge cases where Root containers may be required
YOU MAY ALSO LIKE:
- Kubernetes: Master Application Deployment and Scaling with Daniele Polencic (in London on 28th - 29th June 2018)
- ProgNET London 2018 (in London on 12th - 14th September 2018)
- Introduction to Docker Fundamentals (in London on 24th - 25th September 2018)
- Advanced Docker for Enterprise Operations (in London on 1st - 2nd October 2018)
Thanks to our sponsors
-
About the Speakers
Can I haz non-privileged containers?
Nic Jackson
Nic Jackson is a software engineering evangelist working for notonthehighstreet.com, with over 20 years experience in software development and leading software development teams. A huge believer that the rise of Docker and container solutions is a positive transformation for the way we develop, deploy and maintain software.