Head First DevSecOps
Security best practices
- Execution with non-root user
- Start containers in read-only mode
- Disable the setuid and setgid permissions
- Verifying images with Docker Content Trust
- Resource limitation
- Disabling ping command in a container
AppArmor allows you to regulate permissions and access of the containers in the filesystemSELinux provides a system of rules that allows you to implement access controls to the kernel resourcesSecure Computing Mode (Seccomp) monitors kernel system calls
Reference
- Implementing DevSecOps with Docker and Kubernetes
https://github.com/DropsOfZut/awesome-security-weixin-official-accounts
Disclaimer
- License under
CC BY-NC 4.0 - Copyright issue feedback
me#imzye.me, replace # with @ - Not all the commands and scripts are tested in production environment, use at your own risk
- No privacy information is collected here
Try iOS App