Docker

【Docker + SELinux】 SELinux basic knowledge

SELinux (Security-Enhanced Linux) is a brand-new Linux security policy mechanism developed by the US National Security Agency (NSA) to secure computer infrastructure. SELinux allows system administrators to define security policies more flexibly

【Docker + SELinux】 Can't Open / Permission denied

This article mainly covers how to configure `docker` securely in an environment where `selinux` is turned on, along with solutions to common errors. The approach is not to blindly use `chmod -R 777`, `--privileged=true`, or `setenforce 0`, but to focus on using the `selinux` security policy

Packaging a Flask image with Docker

The main advantage of Docker is that an application can be easily deployed to the cloud, because a container has the additional benefit of running anywhere without facing dependency conflicts

Docker Daemon Socket TLS encryption

To prevent man-in-the-middle problems such as link hijacking and session hijacking during Docker communication, the client and the server should communicate over an encrypted channel.

Use Clair to scan Docker images for vulnerabilities

Docker provides Docker Hub, which allows users to upload the images they create so that other users can download them and quickly build an environment. But it also brings some security issues: a downloaded image may have had a backdoor maliciously implanted, an image may be tampered with during transmission, the environment built from the image may contain vulnerabilities, etc.

Modifying the Docker storage path

With a default installation, Docker uses the /var/lib/docker/ directory as its storage directory for pulled images, created containers, etc.

Limiting container CPU resource usage in Docker

By default, the host CPU resources that a container can use are unlimited. As with memory, if the CPU resources available to a container are not limited, a program in the container that uses the CPU abnormally is likely to exhaust the CPU resources of the entire host, leading to a greater disaster

Understand how uid and gid work in Docker containers

Understanding how user names, group names, user IDs (uid), and group IDs (gid) map between the processes running in the container and the host system is important for building a secure system. If no other options are provided, the process in the container will be executed as root

Docker layers in detail

What is a layer? Docker containers are the building blocks of applications. Each container is an image with a read/write layer on top of a stack of read-only layers