October 23, 2014

On the Security of Containers

Docker's Eric Windisch writes, "I liken the difference between baremetal, VMs, and containers as I see the separation of buildings, apartments, and rooms. There are buildings such as warehouses that have neither apartments nor rooms, those that simply have a few rooms inside, and there are buildings with apartments with rooms inside of them. There are also studio apartments which lack rooms. All rooms and apartments exist inside of buildings, but the number of rooms and apartments per building is highly variable...

"If you haven’t yet figured out the analogy, our rooms are Linux containers. Linux containers may be used inside of VMs, but yes, they may be used on bare-metal hardware. It’s possible to share an apartment with friends with each friend taking a room, but it’s not the same as each friend having their own apartment. It just isn’t. If you want to share an apartment with someone, it’s safer to share an apartment with people you really trust, or those that you’re going to live with anyway. Sometimes, but not always, that’s okay."

Read more at Medium.

