All articles tagged with "LXC"
Docker 1.0 is here, but is it safe for production? We dive deep into the kernel-level risks of early containerization, how to lock down capabilities, and why wrapping containers in KVM is the only sane choice for Norwegian sysadmins.
With the release of Docker 1.0, everyone wants to containerize. But as a sysadmin managing Norwegian infrastructure, I see gaping security holes. Here is how to lock down LXC and Docker using AppArmor, capabilities, and the right virtualization layer.
Docker 1.0 has just landed, changing the conversation around virtualization. We compare the emerging container tools against battle-tested LXC and OpenVZ, and explain why KVM is the only sane foundation for your stack in 2014.
Docker 1.0 is here, but running it in production requires more than a simple `docker run`. We dive into cgroups, namespaces, and why wrapping containers in KVM is the only way to satisfy Datatilsynet.
With the recent Heartbleed vulnerability shaking the internet, and Docker gaining traction in version 0.10, isolation is the priority. Here is how to secure your Linux Containers (LXC) effectively while maintaining performance.
It is 2014, and the container revolution is here. But before you deploy Docker to production, you need to understand the security risks of shared kernels. Here is a battle-hardened guide to locking down LXC and why KVM is mandatory for true isolation.
Docker is the new hotness, but running LXC in production requires serious hardening. We dissect cgroups, capabilities, and why KVM is still the safest boundary for Norwegian data.