Turning Container security up to 11 with Capabilities
Mathias Tausig - 2 years ago
Container technologies, as popularized first by Docker, already offer a lot of security benefits out of the box the developers and DevOps professionals have come to rely upon. While this has proven to be valuable for increasing the security of many application deployments, it still leaves some room for improvement.
Firstly, a lack of deep understanding of what protections Docker is offering out of the box can be observed commonly, leading to a dangerous overreliance on the container engine. Secondly, the attack surface of your application can be significantly reduced by leveraging the
capabilities
functionality of the Linux kernel. Using it, one can greatly reduce the system function a running container has access to, thus limiting the exploitation consequences of a vulnerability in an application. This talk explains the possibilities of limiting
capabilities
in a container runtime.
Jobs with related skills

Site Reliability Engineer (m/w/d)
Instaffo
·
yesterday
Regensburg, Germany

Senior DevOps Engineer (m/w/d)
Instaffo
·
3 days ago
München, Germany

System Admin im Bereich DevOps (m/w/d)
Instaffo
·
3 days ago
Kiel, Germany

Senior DevSecOps Engineer (m/w/d)
Instaffo
·
2 days ago
Hückelhoven, Germany
Related Videos