[GLLUG] Docker question - for those that are using it

James Courtier-Dutton james.dutton at gmail.com
Tue Sep 23 14:50:20 UTC 2014


On 23 September 2014 14:08, Andy Smith <andy at bitfolk.com> wrote:
> Hello,
>
> On Tue, Sep 23, 2014 at 01:39:16PM +0100, Matthew Copperwaite wrote:
>> Lately there has been some backlash against containers/Docker because the
>> assumption was that, like a VM, the containers were isolated and therefore
>> secure. This however was not necessarily the case, especially if SELinux is
>> disabled or not installed. This meant on some PaaS services it was possible
>> to "break in" to other Docker instances.
>

We are using Docker at work.
It is for Continuous Integration testing.
Docker is essentially a wrapper around chroot.
So, Docker has all the same vulnerabilities as chroot does.
For our testing, we can ensure that it is deploying to a newly built
machine each time, without the overhead of a VM.
In our case, Docker is running on a VM, so if we use a VM for CI, we
would be doing a VM inside a VM!
The application is a web site.
The real deployed machines are all real VMs, as chroot would not be
secure enough.

Kind Regards

James



