Container default capabilities

Docker containers run with the following capabilities by default:

Capability  Description
SETPCAP     Allow a process to change its own capabilities set (within the set it is already allowed). Should not be dangerous in practice.
MKNOD       Allows creation of special...

Container Security in Spanish

Containers vs Virtual Machines. Basics: processes must run as if they were on another computer (process namespace); the same for IPs (network namespace); different users (user namespace); resources must be limited (cgroups); you should not be able to escape the...