by evol262
4360 days ago
> I still believe you are wrong and I did not claim Docker was a general container solution

> I'm sure Docker is appropriate for some specific situations, but it is not currently an appropriate general container solution if you care about security.

> Docker doesn't provide the full security isolation that Solaris Zones does; I'm sure it's the right style of solution for specific cases, but it is not an appropriate general solution for isolation or containerisation.

Tell yourself whatever you need to.

> You don't know how Solaris Zones work, because if you did, you'd understand that cgroups are insufficient to provide the same level of security.

Which is why I also mentioned (and even linked you to the documentation for) docker_selinux, which is actually security instead of mere process isolation through namespaces and resource control (which are what cgroups do). Incidentally, this is the same way non-labeled zones work, but I guess I don't know anything about those. Think whatever you want.