Turning Container security up to 11 with Capabilities
Mathias Tausig - 11 months ago
Container technologies, as popularized first by Docker, already offer a lot of security benefits out of the box the developers and DevOps professionals have come to rely upon. While this has proven to be valuable for increasing the security of many application deployments, it still leaves some room for improvement.
Firstly, a lack of deep understanding of what protections Docker is offering out of the box can be observed commonly, leading to a dangerous overreliance on the container engine. Secondly, the attack surface of your application can be significantly reduced by leveraging the
capabilities
functionality of the Linux kernel. Using it, one can greatly reduce the system function a running container has access to, thus limiting the exploitation consequences of a vulnerability in an application. This talk explains the possibilities of limiting
capabilities
in a container runtime.
Jobs with related skills
DevOps Engineer/Integrator for communications systems
Voxtronic Austria GmbH
·
1 month ago
Vienna, Austria
Senior Software Engineer Full Stack Development (m/w/d)
BWI GmbH
·
6 days ago
München, Germany
+7
Hybrid
Senior DevOps Engineer (m/w/d)
BWI GmbH
·
6 days ago
Lead Developer (m/w/d)
ATLAS Dienstleistungen für Vermögensberatung GmbH
·
today
Frankfurt am Main, Germany
Hybrid
Related Videos