In this talk, we will look at the problems associated with running Docker containers with privileged status and at some ways you can harden your Docker-based security. Check it out!
To understand the problem, we will take a quick look at how user and group isolation works in Unix and how this translates into a container. We will also look at how user namespaces work in Docker and how simple it is to build a non-root Docker container. In addition to all of this, we will look at some simple tools which can automatically detect these problems and notify you if they occur.
- How users and groups work in Unix
- Security problems with running container processes as root
- Understanding of container namespaces and user mappings
- How to build a non-root container
- Edge cases where root containers may be required
Can I haz non-privileged containers?
Nic Jackson is a software engineering evangelist working for notonthehighstreet.com, with over 20 years' experience in software development and leading software development teams. He is a huge believer that the rise of Docker and container solutions is a positive transformation for the way we develop, deploy and maintain software.