11 Additional security considerations


This chapter covers

  • Securing running applications on different standalone servers, inside different VMs and containers
  • Running a container via a service versus as a child of the container engine via fork and exec
  • Linux security features used to keep containers isolated from each other
  • Setting up container image trust
  • Signing images and trusting them

In this chapter, I review and demonstrate some additional security considerations when using Podman to run containers. Some of the content was covered in other chapters, but I think it is useful to concentrate on these features from a security perspective.

One of the most frequent problems I see with people running containers is that when the container process is denied some access, the user's first reaction is to run the container in --privileged mode, which turns off all security separation for that container. Understanding how to work with the security features discussed in this chapter helps you avoid that reaction.

11.1 Daemon versus the fork/exec model

Throughout the previous chapters, you have learned quite a bit about the problems of a daemon like Docker versus the fork/exec model employed by Podman.

11.1.1 Access to the docker.sock

11.1.2 Auditing and logging

11.2 Podman secret handling

11.3 Podman image trust

11.3.1 Podman image signing

11.4 Podman image scanning

11.5.1 Read-only containers

11.5 Security in depth

11.5.1 Podman uses all security mechanisms simultaneously

11.5.2 Where should you run your containers?

Summary