Container Security

Fundamental Technology Concepts That Protect Containerized Applications

2020-04-21byLiz Rice
Book cover for Container Security
Publisher:O'Reilly Media
Date Published:

Many organizations now run applications in cloud native environments, using containers and orchestration to facilitate scalability and resilience. But how do you know whether your deployment is secure? To fully grasp the security implications of containers and their operation, you'll need an understanding of what they are and how they work. In this excerpt from her forthcoming book Container Security, author Liz Rice takes you through the mechanisms that isolate and protect your applications within each container. This book as a whole looks at the building blocks and security boundaries commonly used in container-based systems and how they're constructed in the Linux operating system. In the featured chapter, "Container Isolation," you'll learn how namespaces limit the set of files and directories that particular container processes can see, functionally isolating them from other operations. Learn how a container is actually a Linux process with a restricted view of the machine it's running on Explore the different namespaces typically used to create Linux containers Examine how containerized processes are isolated from the host and other containerized processes.