Video recording and production done by OpenStack Foundation.
Whether you are integrating Docker containers into an existing cloud, or building out a multi-tenant cloud implementation using Docker, it can be a significant challenge to ensure proper security is in place. In this session, we will unravel various threads of security topics that all come together to provide properly configured security and isolation for Docker containers. Many of our findings are based on our experience in building and securing the IBM Container service based on Docker technology on top of an OpenStack IaaS. Topics include:
Usage and threat model
Implications of sharing the kernel with the host
How user namespaces provide isolation from the root user on the host
Docker engine configuration for security, and resource limits for preventing fork bombs, file bombs and DoS
Security features and issues for the Docker registry
Docker API and lack of multi-tenancy capabilities