When you say stripped down you mean bare essentials in the kernel?

Regards,
Jonathan

From: Beowulf <beowulf-boun...@beowulf.org> On Behalf Of Alexander Antoniades
Sent: 23 May 2019 21:59
To: Jan Wender <j.wen...@web.de>
Cc: beowulf@beowulf.org
Subject: Re: [Beowulf] Containers in HPC

Red Hat re-implemented Docker using the Open Container Spec (which is, as 
far as I know, a standard based on Docker) as a project called CRI-O 
https://cri-o.io/ which removes the need for a daemon to run containers and 
rectifies a lot of the security concerns by dividing the work of the daemon 
into multiple tools. As of RHEL/CentOS 7.7 and 8+ they allow for running 
containers without root using that tool.

A lot of the security concerns apply more to regular servers which are running 
Docker (or others) vs purpose-built container hosting servers which can be 
stripped down and hardened.

Thanks,

Sander

On Thu, May 23, 2019 at 3:03 PM Jan Wender <j.wen...@web.de> wrote:
Hi,

> On 23.05.2019 at 15:06, Gerald Henriksen <ghenr...@gmail.com> wrote:
>
> security concerns about Docker

One of the issues is that execution of a Docker container requires it to be 
started as root, which can be done for services etc., but not for user 
processes. But I think that Docker is working on changing that requirement.

Best, Jan
--
Jan Wender - j.wen...@web.de


_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit 
https://beowulf.org/cgi-bin/mailman/listinfo/beowulf