Docker rant
gnosek
Slides for a short rant on Docker
1.
2.
3.
4.
5.
POST /v1.16/containers/0abe202395e4e61fc35f8f90e3432ad0f2fb3d3816a79c367ff716ecb57965dc/resize?h=24&w=107 HTTP/1.1
Host: /var/run/docker.sock
User-Agent: Docker-Client/1.4.0
Content-Length: 0
Content-Type: plain/text
6.
7.
"In the future, we expect new execution engine plugins to offer more choice and greater granularity for our security-focused users."
8.
9.
all this crap running as root
10.
including the containers run by unprivileged (not any more) users
11.
"trusted" images
https://titanous.com/posts/docker-insecurity
12.
KISS
13.
user namespaces: completely unprivileged* containers in kernel 3.9+
14.
remaining setuid bits
lxc-user-nic: a couple netlink packets if you need a private net, with CAP_NET_ADMIN!
newuidmap, newgidmap: a single write() if you need multiple uids/gids
15.
https://github.com/gnosek/shoebox
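Added example (not from the slides and not code from the shoebox project): what the "single write()" on slide 14 puts into /proc/<pid>/uid_map, and how to read such a map to check whether root inside a container is root on the host. The function names, the uid 1000 and the 100000-165535 subordinate range are assumptions made for illustration.

```python
from typing import List, NamedTuple, Optional


class Extent(NamedTuple):
    inside: int   # first ID as seen inside the user namespace
    outside: int  # first ID as seen in the namespace of whoever reads the map
    count: int    # number of consecutive IDs covered


def parse_id_map(text: str) -> List[Extent]:
    """Parse the contents of /proc/<pid>/uid_map or gid_map."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, count = (int(f) for f in fields)
        if count <= 0:
            raise ValueError(f"empty extent: {line!r}")
        extents.append(Extent(inside, outside, count))
    return extents


def to_parent_id(extents: List[Extent], inside_id: int) -> Optional[int]:
    """Translate an ID used inside the namespace to the ID outside it."""
    for e in extents:
        if e.inside <= inside_id < e.inside + e.count:
            return e.outside + (inside_id - e.inside)
    return None  # unmapped: the kernel shows it as the overflow ID (65534 by default)


def single_id_map(own_id: int) -> str:
    """The one line a process with no privileges may write for itself:
    ID 0 inside the new namespace is its own ID outside. For gid_map the
    kernel (3.19+) also wants "deny" written to /proc/<pid>/setgroups first."""
    return f"0 {own_id} 1\n"


def root_maps_to_root(map_text: str) -> bool:
    """True if ID 0 inside is ID 0 outside. Read from the host, that means
    the container's root is the real root."""
    return to_parent_id(parse_id_map(map_text), 0) == 0


# Constructed sample maps.
INITIAL_NS = "         0          0 4294967295\n"   # no user namespace in use
UNPRIVILEGED_NS = single_id_map(1000)               # written by uid 1000 itself
SUBUID_NS = "0 1000 1\n1 100000 65536\n"            # several extents: needs setuid newuidmap

if __name__ == "__main__":
    for name, text in [("initial", INITIAL_NS), ("unprivileged", UNPRIVILEGED_NS),
                       ("subuid", SUBUID_NS)]:
        m = parse_id_map(text)
        print(name, "root is host root:", root_maps_to_root(text),
              "| uid 33 ->", to_parent_id(m, 33))
```

To audit a running container from the host, pass the contents of /proc/<pid>/uid_map for one of its processes to root_maps_to_root().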