container_security_book

General observations …

  • Is there a market for a book on underlying container technology?
  • Works with context outside of Docker? podman? cgroups v2?
  • “system containers” such as LXC and LXD?
  • technologies:
    • cgroups
    • namespaces
    • chroot
  • scanning images
  • rootful versus rootless images
  • too much setuid stuff, need to assume a lot of that
  • emphasize ephemeral images
  • “sidecar” containers
  • Docker daemon needs to run as root, podman has no daemon
  • “runc” and JSON bundle

Last modified: 2020/01/18 21:45 by rpjday