In this talk, Phil Estes will walk through the core security capabilities available today in Docker and other container runtimes, and how those capabilities have improved both pure container isolation and security across the whole lifecycle of a container workflow. Phil will demonstrate recent additions to the Docker engine in 2016, such as user namespaces and seccomp, and how they continue to enable better container security and isolation.
This talk is a fast-paced overview of the potential threats faced when containerizing applications, married to a quick run-through of the “security toolbox” available in the Docker engine via Linux kernel capabilities and features enabled by OCI’s libcontainer/runc and Docker. This talk was given at Docker London on Wednesday, July 20th, 2016.
Watch the complete video at Skills Matter