Differences between revisions 1 and 2

k8s/StudyNotes/ Security Docker

Docker uses Namespace on linux does isolation, process still visible on host.
- /usr/include/linux/capability.h
  - can limit capability's.

On Docker can add capabilities

docker run --cap-add MAC_ADMIN or --cap-drop or --privileged

k8s/StudyNotes/SecurityDockerContainer (last edited 2021-10-23 09:23:19 by PieterSmit)

-  ⇤ ← Revision 1 as of 2021-10-23 09:20:01 → 
  Size: 298
  Editor: PieterSmit
  Comment:
+   ← Revision 2 as of 2021-10-23 09:20:12 → ⇥
  Size: 299
  Editor: PieterSmit
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 1:
-= k8s/StudyNotes/ Security Docker=
+= k8s/StudyNotes/ Security Docker =