Container security fundamentals part 2: Isolation & namespaces
Datadog Security Labs securitylabs.datadoghq.com
In the first part of this series, we explored how containers are really just Linux processes. Now we need to understand how containers are isolated from the rest of the machine. In other words, how do we make sure that a process running in one container can’t easily interfere with the operation of another container or the underlying host?
Linux containers use several different mechanisms to provide isolation, as shown below. Each of these layers can be used independently of …