[Swlug] Docker, containers, oh my!

David Goodwin david at codepoets.co.uk
Wed Apr 26 10:10:56 UTC 2017


> Hi Matt,
>
> I don't use Docker (or any containers) in any production environment
> as I consider them as insecure.
>
> They may be useful for development, but vagrant / ansible isn't
> presenting enough issues for me to look elsewhere.
>
> My understanding is that containers share the same host kernel and are
> run with root privileges, using kernel namespaces and cgroups to
> partition resources. There have been security issues in the past, and
> this setup is brittle - each security bug is serious, and any one bug
> may give you access to everything.

See also:

https://docs.docker.com/engine/security/security/#other-kernel-security-features

(Note - "supported, but not enabled by default" for a few things!)


David.
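
Added example, not part of the original message: a small Python audit of `docker inspect` output that flags containers still running as root or without the opt-in hardening the thread refers to. The sample JSON is constructed for illustration; the field names are the ones `docker inspect` emits, and the choice of checks is this example's own.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from the original post).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/default-run",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": false, "CapDrop": null, "SecurityOpt": null,
                  "ReadonlyRootfs": false}},
  {"Name": "/hardened-run",
   "Config": {"User": "1000:1000"},
   "HostConfig": {"Privileged": false, "CapDrop": ["ALL"],
                  "SecurityOpt": ["no-new-privileges"], "ReadonlyRootfs": true}},
  {"Name": "/privileged-run",
   "Config": {"User": "0"},
   "HostConfig": {"Privileged": true, "CapDrop": [],
                  "SecurityOpt": ["seccomp=unconfined"], "ReadonlyRootfs": false}}
]
""")

def audit_container(entry):
    """Return a list of hardening findings for one `docker inspect` entry."""
    host = entry.get("HostConfig") or {}
    user = (entry.get("Config") or {}).get("User") or ""
    cap_drop = [c.upper() for c in (host.get("CapDrop") or [])]
    sec_opts = host.get("SecurityOpt") or []
    findings = []
    # An empty User means no non-root user was configured, so the process is uid 0.
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("runs as root (uid 0) inside the container")
    if host.get("Privileged"):
        findings.append("privileged mode: all capabilities and host device access")
    if "ALL" not in cap_drop:
        findings.append("default capability set kept (no --cap-drop=ALL)")
    if not any(o.startswith("no-new-privileges") and not o.endswith("false") for o in sec_opts):
        findings.append("no-new-privileges not set")
    if any(o in ("seccomp=unconfined", "seccomp:unconfined") for o in sec_opts):
        findings.append("seccomp filter disabled")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    return findings

def audit(inspect_data):
    """Map container name -> findings for every entry in the inspect array."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e) for e in inspect_data}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_INSPECT), indent=2))
```

To run it against a live host, replace the sample with the JSON array printed by `docker inspect` for the containers of interest.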


