Hi

https://www.nccgroup.trust/us/our-research/understanding-and-hardening-linux-containers/

Containers can be a controversial topic. Some people think they are a good thing. Some people think that you would do a better job on data centre security if you put a red flashing sign over the front door and leave the door open. Whatever your point of view this white paper might be of some use to you....

"Operating System virtualisation is an attractive feature for efficiency, speed and modern application deployment, amid questionable security. Recent advancements of the Linux kernel have coalesced for simple yet powerful OS virtualisation via Linux Containers, as implemented by LXC, Docker, and CoreOS Rkt among others. Recent container focused start-ups such as Docker have helped push containers into the limelight. Linux containers offer native OS virtualisation, segmented by kernel namespaces, limited through process cgroups and restricted through reduced root capabilities, Mandatory Access Control and user namespaces."

--
Richard

_______________________________________________
Sheffield Linux User's Group
http://sheflug.org.uk/mailman/listinfo/sheflug_sheflug.org.uk
FAQ at: http://www.sheflug.org.uk/mailfaq.html

GNU - The Choice of a Complete Generation
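
The quoted abstract lists four kernel mechanisms: namespaces, cgroups, reduced root capabilities and user namespaces. The sketch below is an added example, not part of the original post or of the NCC Group paper; it checks each mechanism for one process from the text Linux exposes under /proc/<pid>/status, /proc/<pid>/ns, /proc/<pid>/uid_map and the cgroup v2 memory.max file. The function names, the choice of which capabilities count as risky and every sample value are assumptions constructed for illustration.

```python
# Added example: audit one process's isolation from /proc-style text.
# Which capabilities to flag is an assumption of this example.
RISKY_CAPS = {12: "CAP_NET_ADMIN", 16: "CAP_SYS_MODULE", 17: "CAP_SYS_RAWIO",
              19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN"}

def risky_caps(status_text):
    """Decode the CapEff hex bitmask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)
            return sorted(n for bit, n in RISKY_CAPS.items() if (mask >> bit) & 1)
    raise ValueError("no CapEff line in status text")

def shared_namespaces(proc_ns, host_ns):
    """Namespaces whose identifier equals the host's, i.e. not segmented."""
    return sorted(k for k, v in proc_ns.items() if host_ns.get(k) == v)

def root_is_host_root(uid_map_text):
    """True when UID 0 inside maps to UID 0 outside (no user-namespace remap)."""
    for line in uid_map_text.splitlines():
        inside, outside, _length = (int(x) for x in line.split())
        if inside == 0:
            return outside == 0
    return False  # UID 0 is not mapped at all

def audit(status, proc_ns, host_ns, uid_map, memory_max):
    """Return one finding per missing layer of the isolation listed above."""
    findings = [f"capability {c} retained" for c in risky_caps(status)]
    findings += [f"{ns} namespace shared with host"
                 for ns in shared_namespaces(proc_ns, host_ns)]
    if root_is_host_root(uid_map):
        findings.append("container root is host root")
    if memory_max.strip() == "max":  # cgroup v2 writes "max" for unlimited
        findings.append("no cgroup memory limit")
    return findings

# Constructed sample data (not captured from a real host).
HOST_NS = {"pid": "pid:[4026531836]", "net": "net:[4026531992]",
           "mnt": "mnt:[4026531840]", "user": "user:[4026531837]"}
HARDENED = dict(status="Name:\tapp\nCapEff:\t00000000a80425fb\n",
                proc_ns={"pid": "pid:[4026532501]", "net": "net:[4026532504]",
                         "mnt": "mnt:[4026532499]", "user": "user:[4026532498]"},
                host_ns=HOST_NS, uid_map="0 100000 65536\n",
                memory_max="536870912\n")
WEAK = dict(status="Name:\tapp\nCapEff:\t0000003fffffffff\n",
            proc_ns={"pid": "pid:[4026532601]", "net": HOST_NS["net"],
                     "mnt": "mnt:[4026532599]", "user": HOST_NS["user"]},
            host_ns=HOST_NS, uid_map="0 0 4294967295\n", memory_max="max\n")

if __name__ == "__main__":
    for name, sample in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(**sample))
```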
