In the final part of the book, part 4, I divulge all I know about container security. This part is very technical, but you learn some key concepts that will help you understand what is happening when a container gets a permission denied error. It also explains the benefits, from a security point of view, of running applications within a container. Containerizing applications adds tremendous protection for your host system against potential hacks.
In chapter 10, I explain all of the features of the kernel that Podman uses to isolate containers from each other as well as the host system. I explain SELinux, seccomp, Linux capabilities, read-only mount points, and many other features.
Chapter 11 digs into security considerations. You learn the security best practices for running your containers in production: how you should design your application and how you should run your containerized application.