Differences between revisions 2 and 3

k8s/StudyNotes/ Security Docker

Docker uses Namespace on linux does isolation, process still visible on host.
- /usr/include/linux/capability.h
  - can limit capability's.

On Docker can add capabilities

docker run --cap-add MAC_ADMIN or --cap-drop or --privileged

k8s/StudyNotes/SecurityDockerContainer (last edited 2021-10-23 09:23:19 by PieterSmit)

-  ⇤ ← Revision 2 as of 2021-10-23 09:20:12 → 
  Size: 299
  Editor: PieterSmit
  Comment:
+   ← Revision 3 as of 2021-10-23 09:20:33 → ⇥
  Size: 349
  Editor: PieterSmit
  Comment: make more specific
-Deletions are marked like this.
+Additions are marked like this.
 Line 1:
+## page was renamed from k8s/StudyNotes/Security