From the course: Securing Containers and Kubernetes Ecosystem


Secure container images, part 2


- [Narrator] The principle of least privilege implies that a subject, which can be either a person or a service account, should be granted only as many access privileges as are needed to perform their job. Under no circumstances should they be given a blanket privilege beyond their role. The USER instruction in a Dockerfile specifies the user the container will be running as. If you don't specify a user in the Dockerfile, the container runs as root by default. And for most containers, which are running business applications, that is beyond the level of privileges they actually need. Keep in mind that unless you are building a system container that really needs to interact with the OS kernel, no container needs root access. Setting a setuid bit on a file in a Unix-like operating system has some interesting consequences. Typically, when a Linux process is started from a file, the process runs with the permissions of…
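The following Dockerfile is an added example, not material from the course or its instructor. It shows the two points the narration makes: without a USER instruction the container's processes run as root, and setuid binaries inherited from the base image are a privilege concern. The application name (app.py), the account name and the fixed UID/GID 10001 are assumptions made for this example; the setuid-stripping RUN step is an added hardening measure rather than something the transcript prescribes.

```dockerfile
# Added example (not from the course): Dockerfile for a hypothetical Python
# application, app.py, that runs as an unprivileged user.
# If the USER instruction near the end were omitted, every process in the
# container would run as root, which is the default the narration warns about.
FROM python:3.12-slim

# Create an unprivileged system account and group for the application.
# The account name and the fixed UID/GID 10001 are assumptions for this example;
# a fixed numeric ID keeps the identity stable across image rebuilds.
RUN groupadd --system --gid 10001 app \
 && useradd --system --uid 10001 --gid app --no-create-home --shell /usr/sbin/nologin app

# Install the application into a directory owned by that account so it does
# not need root to read its own files.
WORKDIR /app
COPY --chown=app:app app.py /app/app.py

# Added hardening step: clear setuid and setgid bits on any binaries shipped by
# the base image, so no file-based privilege elevation remains available to
# the application user. -xdev keeps find on the image filesystem; "|| true"
# tolerates paths that cannot be modified during the build.
RUN find / -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec chmod a-s {} + || true

# Switch identity: this instruction and the container's runtime processes
# execute as app (UID 10001), not root.
USER app

CMD ["python", "/app/app.py"]
```

After `docker build -t app-nonroot .`, the check `docker run --rm app-nonroot id` should report uid 10001 rather than uid 0. In Kubernetes, a pod `securityContext` with `runAsNonRoot: true` adds a runtime guard: the kubelet refuses to start a container whose image would run as UID 0, so an image that forgot the USER instruction fails closed instead of silently running as root.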
