Daniel Walsh

Daniel Walsh's contributions

container-security
Article

Security Considerations for Container Runtimes

Daniel Walsh

Video: Security Considerations for Container Runtimes. Explains/demonstrates using Kubernetes with different security features for your container environment.

            Article
       Thumbnail
Article

Running systemd in a non-privileged container

Daniel Walsh

UPDATE: Read the new article "How to run systemd in a container" for the latest information. What is the scoop on running systemd in a container? A couple of years ago I wrote an article on Running systemd with a docker-formatted Container. Sadly, two years later if you google docker systemd this is still the article people see --- it's time for an update. This is a follow-up for my last article. docker upstream vs. systemd I have given many...

            Article
       Thumbnail
Article

Introducing the Atomic command

Daniel Walsh

Introducing the Atomic command '/usr/bin/atomic' The atomic command defines the entrypoint for Project Atomic hosts. On an Atomic Host, there are at least two distinct software delivery vehicles; Docker (often used in combination with the traditional RPM/yum/dnf), and rpm-ostree to provide atomic upgrades of the host system. The goal of the atomic command is to provide a high level, coherent entrypoint to the system, and fill in gaps in Linux container implementations. For Docker, atomic can make it easier to...

Article

Introducing a *Super* Privileged Container Concept

Daniel Walsh

Letting the containers out of containment. I have written a lot about *Containing the Containers*, e.g. *Are Docker containers really secure?* and *Bringing new security features to Docker*. However, what if you want to ship a container that needs to have access to the host system or other containers? Well, let's talk about removing all the security! Safely? Packaging Model I envision a world where lots of software gets shipped in image format. In other words, the application brings all...

Article

Opensource.com - Bringing new security features to Docker

Daniel Walsh

In the first of this series on Docker security, I wrote "containers do not contain." In this second article, I'll cover why and what we're doing about it. Docker, Red Hat, and the open source community are working together to make Docker more secure. When I look at security containers, I am looking to protect the host from the processes within the container, and I'm also looking to protect containers from each other. With Docker we are using the layered...

Article

Opensource.com - Are Docker containers really secure?

Daniel Walsh

This article from opensource.com is based on a talk I gave at DockerCon this year. It will discuss Docker container security, where we are currently, and where we are headed. Containers do not contain I hear and read about a lot of people assuming that Docker containers actually sandbox applications—meaning they can run random applications on their system as root with Docker. They believe Docker containers will actually protect their host system. I have heard people say Docker containers are...