Turning Container security up to 11 with Capabilities
Mathias Tausig - 2 years ago
Container technologies, as popularized first by Docker, already offer a lot of security benefits out of the box the developers and DevOps professionals have come to rely upon. While this has proven to be valuable for increasing the security of many application deployments, it still leaves some room for improvement.
Firstly, a lack of deep understanding of what protections Docker is offering out of the box can be observed commonly, leading to a dangerous overreliance on the container engine. Secondly, the attack surface of your application can be significantly reduced by leveraging the
capabilities
functionality of the Linux kernel. Using it, one can greatly reduce the system function a running container has access to, thus limiting the exploitation consequences of a vulnerability in an application. This talk explains the possibilities of limiting
capabilities
in a container runtime.
Jobs with related skills

Senior DevOps Engineer (m/w/d)
Instaffo
·
3 days ago
Hamburg, Germany

DevOps Entwickler (m/w/d)
Instaffo
·
5 days ago
Halle (Saale), Germany

Senior Software Entwickler (m/w/d)
Instaffo
·
5 days ago
Bietigheim-Bissingen, Germany

Cloud Native DevOps Engineer (m/w/d)
Instaffo
·
5 days ago
Herten, Germany
Related Videos