Major Hayden has written a research paper about securing Linux containers. LXC and Docker are new technologies allowing more efficient utilization of server resources than traditional virtualization methods, such as KVM.
The isolation layer between the container and the kernel, as well as between containers, is extremely thin. Weaknesses in the kernel or the container configuration can lead to compromises of containers or the entire system. The responsibility for managing the operating system within the container can become blurry with time, and that can also lead to compromises of the container.
The paper is extremely clear and well written.
Friday, August 21, 2015