Collaborate Disseminate
I am reviewing a kubernetes environment. I can see that the host docker/containerd socket is mounted into the containers. Do we really need docker in docker in production environments? What are the security consequences of it?
Note: Its no… Continue reading Docker in docker usecases and alternatives [closed]
I am trying to mount a secret in the pod securely. I have created the secrets with defaultMode: 0400 and runAsUser:1000. However when i am trying to access the secret in the container after doing exec in it, the secret file is owned by roo… Continue reading Mounting secrets with proper access control in kubernetes pods
Jack Wallen demonstrates how to attach and remove nodes from clusters in Docker Swarm to scale your services up and down as needed.
The post How to scale Docker Swarm services appeared first on TechRepublic.
Continue reading How to scale Docker Swarm services
Google announces the general availability of ‘rules_oci’ Bazel plugin to improve the security of container images.
The post Google Releases Open Source Bazel Plugin for Container Image Security appeared first on SecurityWeek.
Continue reading Google Releases Open Source Bazel Plugin for Container Image Security
I am using singularity sandboxes in my workflow for several reasons unrelated to security. However, after using it a bit, I am now wondering: is using a singularity sandbox an effective way to increase security by enforcing isolation / com… Continue reading Is using a singularity sandbox an effective way to increase security through isolation / compartmentalization?
Edit: though my wording may not be exact, I understand that two containers don’t have access to the same memory at the same time. My question is can one container see data that another has deallocated?
LXC allows us to over-provision RAM.
… Continue reading Is RAM wiped before use in another LXC container?
Fair warning – I am a security newbie.
In all container escape/breakout vulnerability scenarios I’ve read (CVE-2022-0185), the author assumes or states that the attacker already had shell or SSH access to the container. When I follow this … Continue reading What’re the most common vulnerabilities/weaknesses an attacker would exploit to gain SSH access to a container?
I’m evaluating running Chromium without native sandboxing in a rootless container. A few points:
You can containerize Chrome using rootless containers with something like podman. This will utilize kernel user-namespaces to isolate the Chr… Continue reading What are the potential vulnerabilities with containerized rootless Chrome and –no-sandbox?
Learn how to use Portainer to create a volume for Docker containers with this brief tutorial from Jack Wallen.
The post How to create a volume for Docker containers in Portainer appeared first on TechRepublic.
Continue reading How to create a volume for Docker containers in Portainer
MongoDB is a widely used NoSQL database that can function well in containers if you know how to set it up. Learn how to connect the Compass GUI here.
The post How to connect the Compass GUI to a Docker-deployed MongoDB database appeared first on TechRe… Continue reading How to connect the Compass GUI to a Docker-deployed MongoDB database