[GLLUG] Docker question - for those that are using it

Andy Smith andy at bitfolk.com
Tue Sep 23 13:08:24 UTC 2014


On Tue, Sep 23, 2014 at 01:39:16PM +0100, Matthew Copperwaite wrote:
> Lately there has been some backlash against containers/Docker because the
> assumption was that, like a VM, the containers were isolated and therefore
> secure. This however was not necessarily the case, especially if SELinux is
> disabled or not installed. This meant on some PaaS services it was possible
> to "break in" to other Docker instances.

I thought it was interesting to hear that Google are starting
2 billion containers a week, but anything that is running
untrusted code (e.g. Google App Engine stuff) is still in a
container inside a paravirtualised VM.


If you follow the various feature and bug patches in the kernel (LWN
is great for doing this without having to read LKML) it's clear that
containers are still coming of age and separation is not yet complete
(and may never be).

Still containers are a useful feature and I am looking at deploying
services within them, even within a VM.


http://bitfolk.com/ -- No-nonsense VPS hosting

"I am the permanent milk monitor of all hobbies!" — Simon Quinlank

More information about the GLLUG mailing list