SlideShare uma empresa Scribd logo

Ditch Sandboxes for Docker

Travis Thieman
Travis Thieman

Replace sandboxes with Docker, using expendable containers to let untrusted users execute whatever they want without putting anything at risk

Tecnologia
1 de 24
Baixar para ler offline
LESSONS IN HUBRIS
WHAT IS DOCKER? 2
WHAT IS DOCKER? • That awesome-looking whale we just saw 3
WHAT IS DOCKER? • That • The awesome-looking whale we just saw Linux container engine (lightweight VMs) 4
WHAT IS DOCKER? • That • The • Git awesome-looking whale we just saw Linux container engine (lightweight VMs) (and, sort of, GitHub) for deployment 5
LIFE BEFORE DOCKER • Install the right version of Java after four tries • Download • Remember • Run the leiningen script, run it that you forgot to chmod +x it the leiningen script again • Clone the project repo • Follow the README, apt-get some stuff, copy some things • Run the program 6
LIFE WITH DOCKER 7
DOCKER IMAGES 8
DOCKER IMAGES 9
BUILD ON EXISTING IMAGES 10
BUT WHAT CAN IT DO? 11
ENTER LAZUBOT 12
SANDBOXED EXECUTION 13
SANDBOXES ARE LAME 14
SANDBOXES ARE LAME • Executor cannot break the Zulip bot or access our secret • Executor cannot access the Internet • File • If system changes to the executor container are fine the executor gets out of control, the master kills it 15
I PROMISED YOU HUBRIS 16
DOCKER IN YO DOCKER • Host runs Ubuntu Host 17
DOCKER IN YO DOCKER • Host runs Ubuntu • Lazubot runs in a Docker container Master Host 18
DOCKER IN YO DOCKER • Host runs Ubuntu Exec • Lazubot runs in a Docker container • Lazubot creates child containers that execute arbitrary Clojure code Master Host 19 Exec
DOCKER IN YO DOCKER • Host runs Ubuntu • Lazubot runs in a Docker container • Lazubot creates child containers that execute arbitrary Clojure code Master Host 20
REWARD! 21
REWARD! 22
REWARD! 23
LESSONS IN HUBRIS

Recomendados

OpenWhisk Go/Swift/Binaries Runtime
OpenWhisk Go/Swift/Binaries RuntimeOpenWhisk Go/Swift/Binaries Runtime
OpenWhisk Go/Swift/Binaries Runtime
Michele Sciabarrà
 
OpenWhisk Go Runtime
OpenWhisk Go RuntimeOpenWhisk Go Runtime
OpenWhisk Go Runtime
Michele Sciabarrà
 
Git 101: Git and GitHub for Beginners
Git 101: Git and GitHub for Beginners Git 101: Git and GitHub for Beginners
Git 101: Git and GitHub for Beginners
HubSpot
 
Git extension-training
Git extension-trainingGit extension-training
Git extension-training
Eric Guo
 
Introduction to Git Commands and Concepts
Introduction to Git Commands and ConceptsIntroduction to Git Commands and Concepts
Introduction to Git Commands and Concepts
Carl Brown
 
DevOpsDays Houston 2019 - Shaun Ladewig, Robert Stone - From OverTheWallOps t...
DevOpsDays Houston 2019 - Shaun Ladewig, Robert Stone - From OverTheWallOps t...DevOpsDays Houston 2019 - Shaun Ladewig, Robert Stone - From OverTheWallOps t...
DevOpsDays Houston 2019 - Shaun Ladewig, Robert Stone - From OverTheWallOps t...
DevOpsDays Houston
 
Living with Files More Happily
Living with Files More HappilyLiving with Files More Happily
Living with Files More Happily
Yusuke Endo
 
Git and Github
Git and GithubGit and Github
Git and Github
Akshay Vasava
 

Recomendados

OpenWhisk Go/Swift/Binaries Runtime
OpenWhisk Go/Swift/Binaries RuntimeOpenWhisk Go/Swift/Binaries Runtime
OpenWhisk Go/Swift/Binaries Runtime
Michele Sciabarrà
 
OpenWhisk Go Runtime
OpenWhisk Go RuntimeOpenWhisk Go Runtime
OpenWhisk Go Runtime
Michele Sciabarrà
 
Git 101: Git and GitHub for Beginners
Git 101: Git and GitHub for Beginners Git 101: Git and GitHub for Beginners
Git 101: Git and GitHub for Beginners
HubSpot
 
Git extension-training
Git extension-trainingGit extension-training
Git extension-training
Eric Guo
 
Introduction to Git Commands and Concepts
Introduction to Git Commands and ConceptsIntroduction to Git Commands and Concepts
Introduction to Git Commands and Concepts
Carl Brown
 
DevOpsDays Houston 2019 - Shaun Ladewig, Robert Stone - From OverTheWallOps t...
DevOpsDays Houston 2019 - Shaun Ladewig, Robert Stone - From OverTheWallOps t...DevOpsDays Houston 2019 - Shaun Ladewig, Robert Stone - From OverTheWallOps t...
DevOpsDays Houston 2019 - Shaun Ladewig, Robert Stone - From OverTheWallOps t...
DevOpsDays Houston
 
Living with Files More Happily
Living with Files More HappilyLiving with Files More Happily
Living with Files More Happily
Yusuke Endo
 
Git and Github
Git and GithubGit and Github
Git and Github
Akshay Vasava
 
Travis-CI - Continuos integration in the cloud for PHP
Travis-CI - Continuos integration in the cloud for PHPTravis-CI - Continuos integration in the cloud for PHP
Travis-CI - Continuos integration in the cloud for PHP
Federico Damián Lozada Mosto
 
Deploying Personalized Learning Labs using Docker Swarm by Nate Aune and Bria...
Deploying Personalized Learning Labs using Docker Swarm by Nate Aune and Bria...Deploying Personalized Learning Labs using Docker Swarm by Nate Aune and Bria...
Deploying Personalized Learning Labs using Docker Swarm by Nate Aune and Bria...
Docker, Inc.
 
Gitgithub101slideshare 150922131830-lva1-app6891
Gitgithub101slideshare 150922131830-lva1-app6891Gitgithub101slideshare 150922131830-lva1-app6891
Gitgithub101slideshare 150922131830-lva1-app6891
Brian Okinyi
 
Introduction to Git
Introduction to GitIntroduction to Git
Introduction to Git
Randal Schwartz
 
Workshop For pycon13
Workshop For pycon13Workshop For pycon13
Workshop For pycon13
Steven Pousty
 
Intro to Git and GitHub
Intro to Git and GitHubIntro to Git and GitHub
Intro to Git and GitHub
Panagiotis Papadopoulos
 
Learning git
Learning gitLearning git
Learning git
Sid Anand
 
Teaching a Designer to Use GitHub
Teaching a Designer to Use GitHubTeaching a Designer to Use GitHub
Teaching a Designer to Use GitHub
Liam Dempsey
 
Introduction to git & GitHub
Introduction to git & GitHubIntroduction to git & GitHub
Introduction to git & GitHub
Poornachandrakashi
 
Introduction to git
Introduction to gitIntroduction to git
Introduction to git
Randal Schwartz
 
Intro to Git, GitHub, and Devpost
Intro to Git, GitHub, and DevpostIntro to Git, GitHub, and Devpost
Intro to Git, GitHub, and Devpost
Andrew Kerr
 
Building A SaaS with CoreOS, Docker, and Etcd
Building A SaaS with CoreOS, Docker, and EtcdBuilding A SaaS with CoreOS, Docker, and Etcd
Building A SaaS with CoreOS, Docker, and Etcd
Ross Kukulinski
 
OpenShift Origin: Build a PaaS Just Like Red Hats
OpenShift Origin: Build a PaaS Just Like Red HatsOpenShift Origin: Build a PaaS Just Like Red Hats
OpenShift Origin: Build a PaaS Just Like Red Hats
Mark Atwood
 
Introduction git
Introduction gitIntroduction git
Introduction git
Dian Sigit Prastowo
 
Introduction to Git and Github
Introduction to Git and GithubIntroduction to Git and Github
Introduction to Git and Github
Somkiat Puisungnoen
 
Nginx conference 2015
Nginx conference 2015Nginx conference 2015
Nginx conference 2015
ING-IT
 
Building a smarter application Stack by Tomas Doran from Yelp
Building a smarter application Stack by Tomas Doran from YelpBuilding a smarter application Stack by Tomas Doran from Yelp
Building a smarter application Stack by Tomas Doran from Yelp
dotCloud
 
Understanding the Docker ecosystem
Understanding the Docker ecosystemUnderstanding the Docker ecosystem
Understanding the Docker ecosystem
Kiratech
 
Git real slides
Git real slidesGit real slides
Git real slides
Lucas Couto
 
Atlanta Docker Meetup - 26June14 - Flynn
Atlanta Docker Meetup - 26June14 - FlynnAtlanta Docker Meetup - 26June14 - Flynn
Atlanta Docker Meetup - 26June14 - Flynn
jmanuzak
 
Django and Docker
Django and DockerDjango and Docker
Django and Docker
Docker, Inc.
 
Docker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochraneDocker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken Cochrane
dotCloud
 

Mais conteúdo relacionado

Mais procurados

Travis-CI - Continuos integration in the cloud for PHP
Travis-CI - Continuos integration in the cloud for PHPTravis-CI - Continuos integration in the cloud for PHP
Travis-CI - Continuos integration in the cloud for PHP
Federico Damián Lozada Mosto
 
Deploying Personalized Learning Labs using Docker Swarm by Nate Aune and Bria...
Deploying Personalized Learning Labs using Docker Swarm by Nate Aune and Bria...Deploying Personalized Learning Labs using Docker Swarm by Nate Aune and Bria...
Deploying Personalized Learning Labs using Docker Swarm by Nate Aune and Bria...
Docker, Inc.
 
Workshop For pycon13
Workshop For pycon13Workshop For pycon13
Workshop For pycon13
Steven Pousty
 
OpenShift Origin: Build a PaaS Just Like Red Hats
OpenShift Origin: Build a PaaS Just Like Red HatsOpenShift Origin: Build a PaaS Just Like Red Hats
OpenShift Origin: Build a PaaS Just Like Red Hats
Mark Atwood
 
Atlanta Docker Meetup - 26June14 - Flynn
Atlanta Docker Meetup - 26June14 - FlynnAtlanta Docker Meetup - 26June14 - Flynn
Atlanta Docker Meetup - 26June14 - Flynn
jmanuzak
 

Mais procurados (20)

Travis-CI - Continuos integration in the cloud for PHP
Travis-CI - Continuos integration in the cloud for PHPTravis-CI - Continuos integration in the cloud for PHP
Travis-CI - Continuos integration in the cloud for PHP
 
Deploying Personalized Learning Labs using Docker Swarm by Nate Aune and Bria...
Deploying Personalized Learning Labs using Docker Swarm by Nate Aune and Bria...Deploying Personalized Learning Labs using Docker Swarm by Nate Aune and Bria...
Deploying Personalized Learning Labs using Docker Swarm by Nate Aune and Bria...
 
Gitgithub101slideshare 150922131830-lva1-app6891
Gitgithub101slideshare 150922131830-lva1-app6891Gitgithub101slideshare 150922131830-lva1-app6891
Gitgithub101slideshare 150922131830-lva1-app6891
 
Introduction to Git
Introduction to GitIntroduction to Git
Introduction to Git
 
Workshop For pycon13
Workshop For pycon13Workshop For pycon13
Workshop For pycon13
 
Intro to Git and GitHub
Intro to Git and GitHubIntro to Git and GitHub
Intro to Git and GitHub
 
Learning git
Learning gitLearning git
Learning git
 
Teaching a Designer to Use GitHub
Teaching a Designer to Use GitHubTeaching a Designer to Use GitHub
Teaching a Designer to Use GitHub
 
Introduction to git & GitHub
Introduction to git & GitHubIntroduction to git & GitHub
Introduction to git & GitHub
 
Introduction to git
Introduction to gitIntroduction to git
Introduction to git
 
Intro to Git, GitHub, and Devpost
Intro to Git, GitHub, and DevpostIntro to Git, GitHub, and Devpost
Intro to Git, GitHub, and Devpost
 
Building A SaaS with CoreOS, Docker, and Etcd
Building A SaaS with CoreOS, Docker, and EtcdBuilding A SaaS with CoreOS, Docker, and Etcd
Building A SaaS with CoreOS, Docker, and Etcd
 
OpenShift Origin: Build a PaaS Just Like Red Hats
OpenShift Origin: Build a PaaS Just Like Red HatsOpenShift Origin: Build a PaaS Just Like Red Hats
OpenShift Origin: Build a PaaS Just Like Red Hats
 
Introduction git
Introduction gitIntroduction git
Introduction git
 
Introduction to Git and Github
Introduction to Git and GithubIntroduction to Git and Github
Introduction to Git and Github
 
Nginx conference 2015
Nginx conference 2015Nginx conference 2015
Nginx conference 2015
 
Building a smarter application Stack by Tomas Doran from Yelp
Building a smarter application Stack by Tomas Doran from YelpBuilding a smarter application Stack by Tomas Doran from Yelp
Building a smarter application Stack by Tomas Doran from Yelp
 
Understanding the Docker ecosystem
Understanding the Docker ecosystemUnderstanding the Docker ecosystem
Understanding the Docker ecosystem
 
Git real slides
Git real slidesGit real slides
Git real slides
 
Atlanta Docker Meetup - 26June14 - Flynn
Atlanta Docker Meetup - 26June14 - FlynnAtlanta Docker Meetup - 26June14 - Flynn
Atlanta Docker Meetup - 26June14 - Flynn
 

Semelhante a Ditch Sandboxes for Docker

Docker in pratice -chenyifei
Docker in pratice -chenyifeiDocker in pratice -chenyifei
Docker in pratice -chenyifei
dotCloud
 
Lightweight Virtualization Docker in Practice
Lightweight Virtualization Docker in PracticeLightweight Virtualization Docker in Practice
Lightweight Virtualization Docker in Practice
Docker, Inc.
 
Fits docker into devops
Fits docker into devopsFits docker into devops
Fits docker into devops
Evans Ye
 

Semelhante a Ditch Sandboxes for Docker (20)

Django and Docker
Django and DockerDjango and Docker
Django and Docker
 
Docker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochraneDocker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken Cochrane
 
Nodejs OC Docker and Node
Nodejs OC Docker and NodeNodejs OC Docker and Node
Nodejs OC Docker and Node
 
Head first docker
Head first dockerHead first docker
Head first docker
 
Oracle WebLogic Server 12c with Docker
Oracle WebLogic Server 12c with DockerOracle WebLogic Server 12c with Docker
Oracle WebLogic Server 12c with Docker
 
Docker in pratice -chenyifei
Docker in pratice -chenyifeiDocker in pratice -chenyifei
Docker in pratice -chenyifei
 
Hacking on WildFly 9
Hacking on WildFly 9Hacking on WildFly 9
Hacking on WildFly 9
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Lightweight Virtualization Docker in Practice
Lightweight Virtualization Docker in PracticeLightweight Virtualization Docker in Practice
Lightweight Virtualization Docker in Practice
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
The Docker Ecosystem
The Docker EcosystemThe Docker Ecosystem
The Docker Ecosystem
 
Introduction to github using Egit
Introduction to github using EgitIntroduction to github using Egit
Introduction to github using Egit
 
Up & Running with Docker
Up & Running with DockerUp & Running with Docker
Up & Running with Docker
 
Fits docker into devops
Fits docker into devopsFits docker into devops
Fits docker into devops
 
Docker Concepts for Oracle/MySQL DBAs and DevOps
Docker Concepts for Oracle/MySQL DBAs and DevOpsDocker Concepts for Oracle/MySQL DBAs and DevOps
Docker Concepts for Oracle/MySQL DBAs and DevOps
 
Package your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and KubernetesPackage your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and Kubernetes
 
ContainerDays NYC 2015: "Easing Your Way Into Docker: Lessons From a Journey ...
ContainerDays NYC 2015: "Easing Your Way Into Docker: Lessons From a Journey ...ContainerDays NYC 2015: "Easing Your Way Into Docker: Lessons From a Journey ...
ContainerDays NYC 2015: "Easing Your Way Into Docker: Lessons From a Journey ...
 
Container Days
Container DaysContainer Days
Container Days
 
How bigtop leveraged docker for build automation and one click hadoop provis...
How bigtop leveraged docker for build automation and one click hadoop provis...How bigtop leveraged docker for build automation and one click hadoop provis...
How bigtop leveraged docker for build automation and one click hadoop provis...
 
Platform Clouds, Containers, Immutable Infrastructure Oh My!
Platform Clouds, Containers, Immutable Infrastructure Oh My!Platform Clouds, Containers, Immutable Infrastructure Oh My!
Platform Clouds, Containers, Immutable Infrastructure Oh My!
 

Último

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Último (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Ditch Sandboxes for Docker