Google unveiled an open source tool that targets container security issues tied to the granting of privileged access to a Docker-based container. Docker containers are by default not granted privileged access to root content, though that does limit their agility.
Analysts have noted that the privileged and root access issues remain a sticking point for securing container deployments.
Google’s answer to this is the Kaniko tool. It allows for the building of a container image, which is the data basis for a running container. The tool builds the image from a Dockerfile that does not have privileged root access. A Dockerfile is a text document that contains the command lines needed to construct an image.
Kaniko supports the building of an image from a Dockerfile and the ability to push that image to a registry that houses those images for use in other containers.
Read more at SDx Central