Docker rant
gnosek
Category: Technology
Transcript of Docker rant
POST /v1.16/containers/0abe202395e4e61fc35f8f90e3432ad0f2fb3d3816a79c367ff716ecb57965dc/resize?h=24&w=107 HTTP/1.1
Host: /var/run/docker.sock
User-Agent: Docker-Client/1.4.0
Content-Length: 0
Content-Type: plain/text
"In the future, we expect new execution engine plugins to offer more choice and greater
granularity for our security-focused users."
„trusted” images
https://titanous.com/posts/docker-insecurity
remaining setuid bits
lxc-user-nic: a couple netlink packets, if you need a private net (with CAP_NET_ADMIN!)
newuidmap, newgidmap: a single write(), if you need multiple uids/gids