17

Docker rant

  • Upload
    gnosek

  • View
    130

  • Download
    1

Tags:

Embed Size (px)

Citation preview

Page 1: Docker rant
Page 2: Docker rant
Page 3: Docker rant
Page 4: Docker rant
Page 5: Docker rant

POST /v1.16/containers/0abe202395e4e61fc35f8f90e3432ad0f2fb3d3816a79c367ff716ecb57965dc/resize?h=24&w=107 HTTP/1.1

Host: /var/run/docker.sockUser-Agent: Docker-Client/1.4.0Content-Length: 0Content-Type: plain/text

Page 6: Docker rant
Page 7: Docker rant

"In the future, we expect new execution engine plugins to offer more choice and greater

granularity for our security-focused users."

Page 8: Docker rant
Page 9: Docker rant

all this crap running as root

Page 10: Docker rant

including the containersran by unprivileged (not any more) users

Page 11: Docker rant

„trusted” imageshttps://titanous.com/posts/docker-insecurity

https://titanous.com/posts/docker-insecurity
Page 12: Docker rant

KISS

Page 13: Docker rant

user namespacescompletely unprivileged* containers in kernel 3.9+

Page 14: Docker rant

remaining setuid bits

lxc-user-nic a couple netlink packets if you need a private net with CAP_NET_ADMIN !newuidmap a single write() newgidmap if you need multiple uids/gids

Page 15: Docker rant

https://github.com/gnosek/shoebox

https://github.com/gnosek/shoebox
Page 16: Docker rant
Page 17: Docker rant

Yggdrasil 2016 rant

Yggdrasil 2016 rant

Internet
ROBERTSON’S RANT

ROBERTSON’S RANT

Documents
Rant Issue 008

Rant Issue 008

Documents
Zoran Rant - termodinamika

Zoran Rant - termodinamika

Documents
The Rant & Rave Platform

The Rant & Rave Platform

Technology
Grammar Girl Rant

Grammar Girl Rant

Documents
Fifteen by RANT

Fifteen by RANT

Documents
RANT PPORTUNITY SUMMARY - Mass.gov

RANT PPORTUNITY SUMMARY - Mass.gov

Documents
Vester Flanagan Pawnshop Rant

Vester Flanagan Pawnshop Rant

Documents
Maxymiser Rant

Maxymiser Rant

Technology
Hummingbird by RANT

Hummingbird by RANT

Documents
Rant - Issue 1

Rant - Issue 1

Documents
Boven Bouw k Rant

Boven Bouw k Rant

Documents
OPENSHIFT & DEVOPS - avectris.ch€¦ · Docker Docker Docker Docker Docker Docker Prod Backend Test Backend Dev Backend Prod Frontend Test Frontend Dev Frontend Existing Backend

OPENSHIFT & DEVOPS - avectris.ch€¦ · Docker Docker Docker Docker Docker Docker Prod Backend Test Backend Dev Backend Prod Frontend Test Frontend Dev Frontend Existing Backend

Documents
Docker Docker - Docker Security - Docker

Docker Docker - Docker Security - Docker

Technology
The personalisation rant

The personalisation rant

Business
Open Source Rant

Open Source Rant

Entertainment & Humor
RANT by Hassan Khan

RANT by Hassan Khan

Documents
Rant Testimonials

Rant Testimonials

Documents
Docker Meetup at Docker HQ: Docker Cloud

Docker Meetup at Docker HQ: Docker Cloud

Technology
Rant cellapp product spec_mno

Rant cellapp product spec_mno

Business
Grey fleet rant

Grey fleet rant

Automotive
rant abdominal wall abscess

rant abdominal wall abscess

Documents
Ilim Rant issue 2

Ilim Rant issue 2

Documents
RANT '1'. - sora-dev.unm.edu

RANT '1'. - sora-dev.unm.edu

Documents
Ilim Rant issue 4

Ilim Rant issue 4

Documents
Docker 101 - techccu.csie.iotechccu.csie.io/2015/slides/frank.pdf · Docker Basics - CLI Docker client docker version docker info docker search [keyword] docker push/pull/commit docker

Docker 101 - techccu.csie.iotechccu.csie.io/2015/slides/frank.pdf · Docker Basics - CLI Docker client docker version docker info docker search [keyword] docker push/pull/commit docker

Documents
Argus - SMS rant

Argus - SMS rant

Documents
DOCKER 101 - DeveloperMarch€¦ · -Docker Machine -Docker Compose -Docker Stack -Docker Swarm -Docker Hub. INSTALLATION. INSTALLATION. WORKFLOW. client Dockerfile Image Registry

DOCKER 101 - DeveloperMarch€¦ · -Docker Machine -Docker Compose -Docker Stack -Docker Swarm -Docker Hub. INSTALLATION. INSTALLATION. WORKFLOW. client Dockerfile Image Registry

Documents
Antionio's Pizza- Rant

Antionio's Pizza- Rant

Documents