For more QCon posts, see my live blog table of contents.

Today

• Docker typically runs as a privileged user.
• Containers are meant to limit the damage from a compromise. The world an attacker can see inside the container is a limited one)
• Want unprivileged containers so don’t need sudo/privileged access to launch container in the first place.

Chrome sandbox on Linux

• uses Seccomp, Namspaces, Apparmor.
• doesn’t need to be run as root.
• each tab is in its own namespace – process only knows about itself
• if Chrome can do this, why not Docker

General notes

• cgroups (Controlgroups) limit what resources a process can use and how much.
• Each time you docker build something it spawns a new container. Just blocking things wholesale would cause issues here.
• I had trouble following what was current/future in the examples.

Future

• Won’t need to run as root
• Can customize sandboxes from defaults, better UX for dealing with security policies.
• “postgres should maintain a postgres profile”

Impression: A lot of this was recorded demos (show typing commands as graphic/video that plays out.) For the namespaces, it was helpful seeing the examples. For the Docker part, some of it went over my head. I only know a little Docker. And my system admin Linux isn’t strong enough to understand the implications of everything she brought up either. I still go something out of it though. And learned things that would be interesting to read more about.