Chapter 6. Limiting risk with resource controls


This chapter covers

  • Setting resource limits
  • Sharing container memory
  • Setting users, permissions, and administrative privileges
  • Granting access to specific Linux features
  • Working with SELinux and AppArmor

Containers provide isolated process contexts, not whole-system virtualization. The semantic difference may seem subtle, but its impact is drastic. Chapter 1 touched on these differences briefly. Chapters 2 through 5 each covered a different isolation feature set of Docker containers. This chapter covers the remaining four and includes information about enhancing security on your system.

6.1. Setting resource allowances

6.2. Sharing memory

6.3. Understanding users

6.4. Adjusting OS feature access with capabilities

6.5. Running a container with full privileges

6.6. Strengthening containers with enhanced tools

6.7. Building use-case-appropriate containers

Summary
