container_security_book
Table of Contents
Overview
General observations …
Observations
- Is there a market for a book on underlying container technology?
- Works with context outside of Docker? podman? cgroups v2?
- “system containers” such as LXC and LXD?
- technologies:
- cgroups
- namespaces
- chroot
- scanning images
- rootfull versus rootless images
- too much setuid stuff, need to assume a lot of that
- emphasize ephemeral images
CHECK OUT
- “sidecar” containers
- Docker daemon needs to run as root, podman has no daemon
- “runc” and JSON bundle
container_security_book.txt · Last modified: 2020/01/18 21:45 by rpjday
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
