Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Cloud Open Source Red Hat Software Security Virtualization

Bringing New Security Features To Docker 29

Posted by timothy
from the password-is-stevedore dept.
Czech37 writes SELinux lead Dan Walsh wrote last month that Docker "containers do not contain" and that the host system isn't completely protected. Today, Walsh details the steps that Docker, Red Hat, and the open source community are taking to make Docker more secure: "Basically, we want to put in as many security barriers to break out as possible. If a privileged process can break out of one containment tool, we want to block them with the next. With Docker, we are want to take advantage of as many security components of Linux as possible. If "Docker" isn't a familiar word, the project's website is informative; the very short version is that it's a Linux-based "open platform for developers and sysadmins to build, ship, and run distributed applications"; Wikipedia has a good explanation, too.
This discussion has been archived. No new comments can be posted.

Bringing New Security Features To Docker

Comments Filter:
  • Re:Watch (Score:3, Interesting)

    by Anonymous Coward on Wednesday September 03, 2014 @12:31PM (#47818233)

    A closed platform, walled garden or closed ecosystem[1][2] is a software system where the carrier or service provider has control over applications, content, and media, and restricts convenient access to non-approved applications or content. --Wikipedia definition of a Walled Garden [wikipedia.org]

    Please explain how this applies to Docker.

"Well, if you can't believe what you read in a comic book, what *can* you believe?!" -- Bullwinkle J. Moose

Working...