[GLLUG] Docker question - for those that are using it
james.dutton at gmail.com
Tue Sep 23 14:50:20 UTC 2014
On 23 September 2014 14:08, Andy Smith <andy at bitfolk.com> wrote:
> On Tue, Sep 23, 2014 at 01:39:16PM +0100, Matthew Copperwaite wrote:
>> Lately there has been some backlash against containers/Docker because the
>> assumption was that, like a VM, the containers were isolated and therefore
>> secure. This however was not necessarily the case, especially if SELinux is
>> disabled or not installed. This meant on some PaaS services it was possible
>> to "break in" to other Docker instances.
We are using Docker at work.
It is for Continuous Integration testing.
Docker is essentially a wrapper around chroot.
So, Docker has all the same vulnerabilities as chroot does.
For our testing, we can ensure that it is deploying to a newly built
machine each time, without the overhead of a VM.
In our case, Docker is running on a VM, so if we use a VM for CI, we
would be doing a VM inside a VM!
The application is a web site.
The real deployed machines are all real VMs.as chroot would not be