The Container Security book by Liz Rice
Fundamental Technology Concepts that Protect Containerized Applications
Perspectives on Isolating Docker Containers
-
Docker Security Features: User Namespace
The purpose of User Namespace is similar to other types of Linux namespaces - isolation. It isolates user and group ID number spaces, so that a process’s user and group ID can be different inside and outside of a user namespace.
-
Hardening Docker Hosts with User Namespaces
With some unchallenging configuration changes, it's possible to segregate your host's root user from the root user inside your containers with a not-so-new feature called User Namespaces. This feature has been around since Docker 1.10, which was released sometime around February 2016.
-
unit42.paloaltonetworks.com
Vendor Information
-
docs.docker.com
Further Reading