Presented by:

Yan Arief

from openSUSE Indonesia

I am an linux and FOSS enthusiast, I live in Yogyakarta - Indonesia. I started using openSUSE since 2006.

No video of the event yet, sorry!

Containerization, led by Docker, has revolutionized the world of software deployment, offering efficiency and scalability. However, alongside these benefits, ensuring container security has become a paramount concern.

Docker containers operate in isolated environments, but vulnerabilities can still emerge. Privilege escalation is one such challenge where an attacker gains elevated access within a container, potentially compromising the entire host system. Vulnerabilities within container images are another concern, as malicious actors can exploit these weak points to breach systems.

Hardening Docker environments is crucial to minimize security risks. Start with secure image practices - utilize minimalist base images and regularly update them. Remove unnecessary components and apply security patches promptly. Configure host systems to limit the impact of any potential breach within a container. Employ network segmentation and access controls to restrict unauthorized interactions between containers.

Privilege escalation prevention involves a layered approach. Employing the principle of least privilege is key. Containers should run with the minimum necessary privileges, restricting the potential for attackers to gain higher-level access. Utilize Decker's built-in security features such as user namespaces to isolate container users from host users. Employ capabilities like AppArmor and seccomp to limit the actions containers can perform.

Clair, an open-source tool, addresses the vulnerability aspect of Docker security. It scans container images for known vulnerabilities in their components, libraries, and dependencies. Integrating Clair into your Continuous Integration and Continuous Deployment (CI/CD) pipeline enables proactive vulnerability assessment before deployment.

2023 October 21 - 15:45
30 min
Main Track

Happening at the same time:

  1. Some of my personal experience with the Linux and open source software
  2. Start Time:
    2023 October 21 15:45


  3. openSUSE Inside WSL
  4. Start Time:
    2023 October 21 15:45