For more QCon posts, see my live blog table of contents.
- Docker typically runs as a privileged user.
- Containers are meant to limit the damage from a compromise. The world an attacker can see inside the container is a limited one)
- Want unprivileged containers so don’t need sudo/privileged access to launch container in the first place.
Chrome sandbox on Linux
- uses Seccomp, Namspaces, Apparmor.
- doesn’t need to be run as root.
- each tab is in its own namespace – process only knows about itself
- if Chrome can do this, why not Docker
- cgroups (Controlgroups) limit what resources a process can use and how much.
- Each time you docker build something it spawns a new container. Just blocking things wholesale would cause issues here.
- I had trouble following what was current/future in the examples.
- Won’t need to run as root
- Can customize sandboxes from defaults, better UX for dealing with security policies.
- “postgres should maintain a postgres profile”
Impression: A lot of this was recorded demos (show typing commands as graphic/video that plays out.) For the namespaces, it was helpful seeing the examples. For the Docker part, some of it went over my head. I only know a little Docker. And my system admin Linux isn’t strong enough to understand the implications of everything she brought up either. I still go something out of it though. And learned things that would be interesting to read more about.