folak@lemmy.world to Selfhosted@lemmy.worldEnglish · 8 months agoDocker vs Podman, which one to choose for a beginner and why ?message-squaremessage-square48fedilinkarrow-up166arrow-down13
arrow-up163arrow-down1message-squareDocker vs Podman, which one to choose for a beginner and why ?folak@lemmy.world to Selfhosted@lemmy.worldEnglish · 8 months agomessage-square48fedilink
minus-squareazdle@news.idlestate.orglinkfedilinkEnglisharrow-up18arrow-down2·edit-28 months agoDefense in depth. If something escapes the container it’s limited to only what’s under that user and not the whole system. Having access to the whole system makes it easier for malware to hide/persist itself.
minus-squarelemmyvore@feddit.nllinkfedilinkEnglisharrow-up3arrow-down7·8 months agoCorrect me if I’m wrong but containerization is enforced by the kernel, correct? If something escapes you’re pretty much screwed anyway.
minus-squareAtemu@lemmy.mllinkfedilinkEnglisharrow-up11·8 months agoThere are many layers involved in preventing escapes from containers.
Defense in depth. If something escapes the container it’s limited to only what’s under that user and not the whole system. Having access to the whole system makes it easier for malware to hide/persist itself.
Correct me if I’m wrong but containerization is enforced by the kernel, correct? If something escapes you’re pretty much screwed anyway.
There are many layers involved in preventing escapes from containers.