by raesene9
1689 days ago
Obviously containers do add a of security relative to uncontained processes, but there are security challenges (as I'm sure you're aware). There are multiple independent projects involved in securing a standard orchestrated Docker-style container (some of the set of Linux kernel/Linux distro/runc/containerd/docker/k8s) and no obvious owner of overall security configuration and problems. We've seen examples of this, e.g. k8s disabling Docker's seccomp filter, or more recently the difficulty in how to handle clone(3) and seccomp filters. For me, the comparison with dedicated security sandboxes is that in other projects there's a single team handling the whole security picture, which is likely to make things easier to manage.
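As an added illustration of the "k8s disabling Docker's seccomp filter" point (this is not from the comment above or from any project's documentation): the fix on the Kubernetes side is to ask for the runtime's default seccomp profile explicitly in the pod spec, since relying on whichever layer happens to apply a filter is exactly the ownership gap the comment describes. The pod name and image below are placeholders.

```yaml
# Added example: a pod that opts in to the container runtime's default
# seccomp profile rather than inheriting "unconfined" from the orchestrator.
apiVersion: v1
kind: Pod
metadata:
  name: example-pod          # placeholder name
spec:
  securityContext:
    # Pod-level setting; the runtime (Docker/containerd) supplies the profile.
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: app
      image: example.invalid/app:latest   # placeholder image
      securityContext:
        # Per-container setting repeated so a container cannot silently fall
        # back to an unfiltered syscall surface if the pod-level field is dropped.
        seccompProfile:
          type: RuntimeDefault
        allowPrivilegeEscalation: false
```

A quick check for the gap in an existing cluster is to list pods whose spec carries no `seccompProfile` at all, e.g. `kubectl get pods -A -o json | jq '.items[] | select(.spec.securityContext.seccompProfile == null) | .metadata.name'`; those are the workloads running with whatever the orchestrator and runtime negotiate by default rather than with a profile someone chose.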