Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Container security? #398

Closed
emschwartz opened this issue Jul 10, 2014 · 2 comments
Closed

Container security? #398

emschwartz opened this issue Jul 10, 2014 · 2 comments

Comments

@emschwartz
Copy link

Is there any effort being made to increase the security of Docker containers? Are they or will they ever be secure enough to run untrusted code, while protecting the host and each of the containers from one another?
@bgrant0607
Copy link
Member

For info on Docker security generally:
https://docs.docker.com/articles/security/

There are efforts underway to make it easier to use Linux security mechanisms with Docker, such as restricted capabilities, AppArmor, SELinux, non-root users, etc.

Are you asking how to access these features through Kubernetes?

That said, our position is that Docker doesn't yet provide a sufficient security boundary:
https://developers.google.com/compute/docs/security-bulletins?_ga=1.91563352.392654364.1401901573

@brendandburns
Copy link
Contributor

Closing this since I think @bgrant0607's response addresses the issue, and anything remaining is likely a broader issue for Docker/libcontainer/... rather than k8s.

@alex-mohr alex-mohr mentioned this issue Jan 29, 2015
Merged
keontang pushed a commit to keontang/kubernetes that referenced this issue May 14, 2016
@ddysher
Merge pull request kubernetes#398 from ddysher/fix-kube-down
a2d7511 
Fix kube-down delete etcd data
keontang pushed a commit to keontang/kubernetes that referenced this issue Jul 1, 2016
@ddysher
Merge pull request kubernetes#398 from ddysher/fix-kube-down
cf3f46d 
Fix kube-down delete etcd data
harryge00 pushed a commit to harryge00/kubernetes that referenced this issue Aug 11, 2016
@ddysher
Merge pull request kubernetes#398 from ddysher/fix-kube-down
9bfc2e9 
Fix kube-down delete etcd data
mqliang pushed a commit to mqliang/kubernetes that referenced this issue Dec 8, 2016
@ddysher @liubog2008
Merge pull request kubernetes#398 from ddysher/fix-kube-down
e937bfd 
Fix kube-down delete etcd data
mqliang pushed a commit to mqliang/kubernetes that referenced this issue Mar 3, 2017
@ddysher @keontang
Merge pull request kubernetes#398 from ddysher/fix-kube-down
62da641 
Fix kube-down delete etcd data
k8s-github-robot pushed a commit that referenced this issue Dec 18, 2017
e2e test layout changes for vsphere (#398)
015e20c
k8s-github-robot pushed a commit that referenced this issue Dec 18, 2017
Merge pull request #56593 from vmware/e2e-test-layout-upstream
59b7c08 
Automatic merge from submit-queue (batch tested with PRs 54379, 56593, 56685, 54174, 57309). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

e2e test layout changes for vsphere (#398)

**What this PR does / why we need it**:
For vSphere Cloud Provider there are many tests added. But all those tests are in e2e/storage directory.
This change is an effort to make vsphere tests modular.
New package 'vsphere' under test/e2e/storage/ is being created.

**Which issue(s) this PR fixes**:
Fixes # vmware-archive#353


**Special notes for your reviewer**:
This is a change purely for vSphere tests
Engineers in VMware have reviewed it.

**Release note**:
```release-note
None
```
seans3 pushed a commit to seans3/kubernetes that referenced this issue Apr 10, 2019
@jdumars
Merge pull request kubernetes#398 from k82cn/taint_by_cond_notes
e09765d 
Added 'Taint nodes by condition' release notes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@emschwartz @brendandburns @bgrant0607