[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Docker research TODOs

Some have asked about the use of docker as a security feature. Docker isn’t meant to be, and currently is not, a security sandbox.

https://news.ycombinator.com/item?id=7909622 (top comment)
http://docs.docker.com/articles/security/

Anyone remember that website that said they were going to build a secure OS around containers? Last I checked they were just fancy graphics. A “desktop CoreOS” is a neat idea, but I have no clue how they’re planning to implement it.

Some people think that docker’s increasing focus on security + kernel hardening will be enough. Only time can tell. Here’s an interesting project that is trying to bring this to the desktop (for any distro):
http://subuser.org


Think of it as a more powerful (and possibly easier to use) apparmor. We’ll see. It’s still in alpha right now and has a long way to go (with security at least).

So, two docker-related research TODOs:

  • The place of subuser in Whonix
    – One very interesting use is having debian wheezy (or whatever) as your stable OS, but inside the container run a distro/userspace with more up-to-date repos. This might solve our “what do we do when we want to have a recommended app preinstalled, but Debian only has an outdated, pre-forked, embarrassingly bad version (or none at all)” problem.
  • The suitability of docker to implement HulaHoop’s “one-click hidden service” idea. (ie Wordpress docker image + with tor wiring; easily enabled/disabled/deleted/installed)

Here is one users notes around docker security:
http://www.jann.cc/2014/09/06/sandboxing_proprietary_applications_with_docker.html

Just randomly found this:

1 Like

Looks interesting. That is useful for some really low end machines or a quick and dirty anonymous setup where no strong security is desired.

Should I reach out to him? Maybe we can adopt this as an official port with its script packaged into a .deb

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]