跳到主要内容

5 篇博文 含有标签「security」

查看所有标签

· 阅读需 1 分钟

podman logo

Podman Security Issue

Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

· 阅读需 1 分钟

podman logo

Building freely distributed containers with open tools

By Tom Sweeney GitHub

Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

· 阅读需 1 分钟

podman logo

Basic security principles for containers and container runtimes

By Brent Baude GitHub

Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

· 阅读需 11 分钟

podman logo

Generate SECCOMP Profiles for Containers Using Podman and eBPF

By Valentin Rothberg GitHub

Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.