[Swlug] Docker, containers, oh my!
Mark Einon
mark.einon at gmail.com
Wed Apr 26 08:09:10 UTC 2017
On 19 April 2017 at 16:19, Matt Willsher via Swlug
<swlug at mailman.lug.org.uk> wrote:
>
> Hi,
>
> Whats your view on Docker (and container in general)?
>
> Do you use it and if so to what degree? Has it made your liked easier?
>
> If you don't use containers now are you looking to learn more about them?
Hi Matt,
I don't use Docker (or any containers) in any production environment
as I consider them as insecure.
They may be useful for development, but vagrant / ansible isn't
presenting enough issues for me to look elsewhere.
My understanding is that containers share the same host kernel and are
run with root privileges, using kernel namespaces and cgroups to
partition resources. There have been security issues in the past, and
this setup is brittle - each security bug is serious, and any one bug
may give you access to everything.
Because this is the fundamental framework for containers, and having
been in the kernel for many years I don't expect the security issues
to disappear overnight - so I'll continue to ignore them for the time
being.
Mark
More information about the Swlug
mailing list