folak@lemmy.world to Selfhosted@lemmy.worldEnglish · 1 year agoDocker vs Podman, which one to choose for a beginner and why ?message-squaremessage-square48fedilinkarrow-up166arrow-down13
arrow-up163arrow-down1message-squareDocker vs Podman, which one to choose for a beginner and why ?folak@lemmy.world to Selfhosted@lemmy.worldEnglish · 1 year agomessage-square48fedilink
minus-squareazdle@news.idlestate.orglinkfedilinkEnglisharrow-up18arrow-down2·edit-21 year agoDefense in depth. If something escapes the container it’s limited to only what’s under that user and not the whole system. Having access to the whole system makes it easier for malware to hide/persist itself.
minus-squarelemmyvore@feddit.nllinkfedilinkEnglisharrow-up3arrow-down7·1 year agoCorrect me if I’m wrong but containerization is enforced by the kernel, correct? If something escapes you’re pretty much screwed anyway.
minus-squareAtemu@lemmy.mllinkfedilinkEnglisharrow-up11·1 year agoThere are many layers involved in preventing escapes from containers.
Defense in depth. If something escapes the container it’s limited to only what’s under that user and not the whole system. Having access to the whole system makes it easier for malware to hide/persist itself.
Correct me if I’m wrong but containerization is enforced by the kernel, correct? If something escapes you’re pretty much screwed anyway.
There are many layers involved in preventing escapes from containers.