
Bringing new security features to Docker


In the first of this series on Docker security, I wrote "containers do not contain." In this second article, I'll cover why and what we're doing about it.

Docker, Red Hat, and the open source community are working together to make Docker more secure. When I look at securing containers, I am looking to protect the host from the processes within the container, and I'm also looking to protect containers from each other. With Docker we are using the layered security approach, which is "the practice of combining multiple mitigating security controls to protect resources and data."

Basically, we want to put in as many security barriers as possible to prevent a breakout. If a privileged process can break out of one containment mechanism, we want to block it with the next. With Docker, we want to take advantage of as many security mechanisms of Linux as possible.

Luckily, with Red Hat Enterprise Linux (RHEL) 7, we get a plethora of security features.
