In this talk, we will look at the problems associated with running Docker containers with privileged status and at some ways to harden your Docker-based security. Check it out!
To understand the problem, we will take a quick look at how user and group isolation works in Unix and how this translates into a container. We will also look at how user namespaces work in Docker and how simple it is to build a non-root Docker container. In addition to all of this, we will look at some simple tools which can automatically detect these problems and notify you if they occur.
- How users and groups work in Unix
- Security problems with running container processes as root
- Understanding container namespaces and user mappings
- How to build a non-root container
- Edge cases where root containers may be required
Can I haz non-privileged containers?
Michael is a Developer Advocate for Go, Kubernetes, and OpenShift at Red Hat where he helps appops to build and operate distributed services. His background is in large-scale data processing and container orchestration and he's experienced in advocacy and standardization at W3C and IETF. Before Red Hat, Michael worked at Mesosphere, MapR and in two research institutions in Ireland and Austria. He contributes to open source software (mainly using Go), blogs and hangs out on Twitter too much.
Nic Jackson is a developer advocate and polyglot programmer at HashiCorp. He is the author of Building Microservices in Go, which examines the best patterns and practices for building microservices with the Go programming language. In his spare time, Nic coaches and mentors at Coder Dojo, teaches at Women Who Go and GoBridge, and speaks about and evangelizes good coding practice, process, and technique.