[Swlug] Docker, containers, oh my!
David Goodwin
david at codepoets.co.uk
Wed Apr 26 10:10:56 UTC 2017
> Hi Matt,
>
> I don't use Docker (or any containers) in any production environment
> as I consider them insecure.
>
> They may be useful for development, but vagrant / ansible isn't
> presenting enough issues for me to look elsewhere.
>
> My understanding is that containers share the same host kernel and are
> run with root privileges, using kernel namespaces and cgroups to
> partition resources. There have been security issues in the past, and
> this setup is brittle - each security bug is serious, and any one bug
> may give you access to everything.
See also:
https://docs.docker.com/engine/security/security/#other-kernel-security-features
(Note: "supported, but not enabled by default" for a few things!)
David.