Collaborate Disseminate
I have a Swarm Cluster and want to communicate securely between Windows Worker Nodes. The official Docker Documentation (https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/) states:
The nodes in a swarm use mutual Transport … Continue reading Secure Communication between Swarm Worker Nodes
Why does Docker use the same user and cgroup namespaces by default, when starting a new container?
I don’t understand why Docker doesn’t set up a new user namespace, so that root in the container isn’t the same as root on the host.
I have a website built with MediaWiki CMS.
This website contains a ContactPage contact form in which the subject field is hardcoded to the form wrapper via PHP;
This is odd, because all other fields aren’t hardcoded like thi… Continue reading Is there an advantage in removing an element both from CSS and JS?
Microsoft announces 40% smaller Server Core container images coming in the 20H1 timeframe.
The post Windows Server Core Container Images Now 40 Percent Smaller appeared first on Petri.
Continue reading Windows Server Core Container Images Now 40 Percent Smaller
One of the SOC 2 controls is apparently around ensuring antivirus/anti-spam/anti-malware is running on production servers. I’ve been googling to see if there are any recommendation/best practices for this in the container wor… Continue reading What are the best practices for anti-virus / anti-malware when using containers?
I have micro services deployed as AWS ECS Fargate containers. For internal communication they are using service discovery end point.
In my opinion, it is OK to use HTTP for internal communication. As I am not good at securi… Continue reading Is it OK to use HTTP for internal communication between two micro-services deployed on AWS ECS fargate?
I’ve been studying Docker security and examining ways of escaping from container to host.
Suppose Docker sock (docker.sock) is mounted into the container at /var/run/docker.sock, so that Docker client (docker) can send comma… Continue reading How to execute a command directly on the host system through docker.sock in a Docker container?
“If you wish to make an apple pie from scratch, you must first invent the universe.” [Carl Sagan]. If you wish to make preserved lemons the same way as [Uri Tuchman], you have to start with that mentality. Video also below. The recipe for [Uri]’s preserved lemons involves two ingredients …read more
Do you wonder how your team can save costs by lifting and shifting your existing applications to containers, and build micro-services applications to deliver value to your users faster? Use end-to-end developer and CI/CD tools to develop, update, a… Continue reading Container Services In Azure, ITProTV – Enterprise Security Weekly #141
Linux user namespaces are special, as they play the role of the owner of the other namespaces.
Distributions (Debian, Ubuntu, Arch, …) seem to ship with unprivileged user namespaces disabled.
For example, when podman is r… Continue reading How safe is it to enable unprivileged user namespace: unprivileged_userns_clone