From the course: Securing Containers and Kubernetes Ecosystem


Isolation and OS security features

- [Instructor] Namespaces. Control groups or in short, cgroups. Ability to add or drop OS system calls. Loadable security modules to bring additional security controls not offered by the OS by default. And lastly, the seccomp. Surprisingly, these capabilities have existed way before modern containers came into existence. Container platforms, such as Docker, utilize these features of the Linux operating system to make containers easy to use, run, and secure. By default, each Linux process runs in a default namespace, meaning system resources such as process IDs, user IDs, network interfaces, and file systems are shared with other processes. As you can imagine, that will not work for containerized applications. Linux offers the ability to create namespaces. When a process is run inside a namespace, it is not able to see the resources in other namespaces. For example, it can't see the PID or process IDs from other…
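The PID-namespace behaviour described above can be observed directly on a Linux host with the util-linux `unshare` tool. The script below is an added example, not part of the course or its transcript; it assumes `unshare`, `readlink` and a `/proc` mount are present and that unprivileged user namespaces are enabled (it reports `unavailable` otherwise). Each namespace a process belongs to is exposed as a symlink under `/proc/<pid>/ns/`, so comparing those links is the simplest way to confirm that a child really landed in a new namespace.

```shell
#!/bin/sh
# Added example (not from the course): observe Linux PID namespace isolation.
# Assumes util-linux `unshare` and unprivileged user namespaces; otherwise
# the functions print "unavailable" instead of failing.

# Print the identity (inode link) of one of the calling process's namespaces.
# $1 is the namespace type: pid, net, mnt, user, uts, ipc, cgroup.
ns_id() {
    readlink "/proc/self/ns/$1" 2>/dev/null
}

# Start a process in a fresh user+PID namespace (a user namespace is what lets an
# unprivileged caller create the PID namespace) and remount /proc inside it, so
# the process table it sees is that of the new namespace only. Prints the number
# of PIDs visible from inside: the inner sh is PID 1 and only its own children
# follow it; the host's processes are invisible.
pids_in_new_ns() {
    command -v unshare >/dev/null 2>&1 || { echo unavailable; return 0; }
    out=$(unshare --user --map-root-user --pid --fork --mount-proc \
          sh -c 'ls /proc | grep -c "^[0-9][0-9]*$"' 2>/dev/null) \
        || { echo unavailable; return 0; }
    echo "$out"
}

# Compare the PID namespace of this shell with that of a process created by
# unshare. Prints "yes" when they differ (isolation in effect), "no" otherwise.
pid_ns_differs() {
    host=$(ns_id pid)
    inner=$(unshare --user --map-root-user --pid --fork \
            sh -c 'readlink /proc/self/ns/pid' 2>/dev/null) \
        || { echo unavailable; return 0; }
    if [ -n "$host" ] && [ "$host" != "$inner" ]; then echo yes; else echo no; fi
}

# Stand-alone usage: show both checks on the current host.
echo "host pid namespace:        $(ns_id pid)"
echo "PIDs visible in new ns:    $(pids_in_new_ns)"
echo "new pid namespace differs: $(pid_ns_differs)"
```

Without `--mount-proc`, tools like `ps` inside the new namespace would still read the host's `/proc` and list every host process, which is why container runtimes always pair a PID namespace with a mount namespace and a private `/proc`. Conversely, a process that can escape to the host's `/proc/1/ns/*` links can rejoin host namespaces, so restricting `/proc` visibility and the `CAP_SYS_ADMIN` capability (which `setns` requires) is part of keeping the isolation meaningful.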