Chief Architect for the central US at Red Hat, Thomas Cameron, has been in the information technology industry since 1993, and has worked with industries ranging from high tech manufacturing, multinational financial services, information technology services, education, energy production, transportation, and large scale retail services.
Prior to his two presentations at 14th annual Southern Californian Linux Expo (SCaLE 14x) this year—An Introduction to Container Security and Gluster Quickstart—I caught up with Thomas to discuss container security.
What security features from the community are you excited about in Docker's future?
Well, I'm personally biased about Security Enhanced Linux (SELinux), so to me, SELinux is the most exciting security feature in containers today. When you look at the granularity that type enforcement and multi-category security (MCS) offer, they massively increase the security offered when running multiple different frameworks and applications on a single host or virtual machine (VM).
SELinux provides a bright, shining line between different containers, so that even if one container's app is compromised, the rest of the system is safe.
After SELinux, I think that namespacing is a fantastic security feature. The ability of the host to abstract filesystems, networking, process IDs, users, and so on provides isolation of each container, protecting other containers and the host from attack.
One other very cool security feature is Linux capabilities (libcap). Linux capabilities is a mechanism whereby filters can be applied to the capabilities that the Linux kernel provides, excluding things like network and hardware management for the container. Not only does this simplify container management, it also makes containers more secure.
I'll demonstrate all of these features during my talk at SCaLE 14x this year.
What are common security mistakes to avoid when deploying containers?
Don't adopt a "fire and forget" mindset. Remember that, just as you have to keep up with updates of your operating system, you need to make sure that the contents of your container are kept up to date, as well. It's human nature for folks to finish a project and move on to the next, but with containers, we really have to focus on security and sustainability of those containers.
How would you alleviate concerns over security of multiple containers running on the same host?
This is a gross over-simplification, but multiple containers on a host is just the next logical step from multiple virtual machines on a host. Because those containers are tightly controlled by the kernel namespaced, Security Enhanced Linux, Linux kernel capabilities, and the like, you can be assured that the risk is minimal.