This list is a copy of Friz-zy/awesome-linux-containers with ranks


Awesome Linux Containers

Awesome ★87749

Table of Contents

Foundations

Specifications

Clouds

Operating Systems

Hypervisors

Containers

Sandboxes

Partial Access

Filesystem

Dashboard

Best practices

Security

Tools

Levels of security problems

1) regular application

2) system services like cron, ssh

3) system services like devices, network, filesystems

4) kernel drivers, network stack, security policies

5) general like immutable infrastructure

src

Technologies for security

Things are better. For example, most modern container technologies can make use of Linux’s built-in security tools such as:
AppArmor, SELinux and Seccomp policies;
Grsecurity;
Control groups (cgroups);
Kernel namespaces
src

Sure, you’re deploying seccomp, but you can’t use selinux inside your container, because the policy isn’t per-namespace (?? lxc uses apparmor for each container…)
sVirt - selinux for kvm
src

Major kernel subsystems are not namespaced like:

Devices are not namespaced:

If you can communicate or attack one of these as a privileged process, you can own the system.
src

Other Information Sources