Enable javascript in your browser for better experience. Need to know to enable it? Go here.
Published : Nov 20, 2019
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar. Understand more
Nov 2019
Assess ?

Ideally, containers should be managed and run by the respective container runtime without root privileges. This is not trivial but when achieved, it reduces the attack surface and avoids whole classes of security problems, notably privilege escalation out of the container. The community has discussed this as rootless containers for quite a while, and it is part of the open container runtime specification and its standard implementation runc, which underpins Kubernetes. Now, Docker 19.03 introduces rootless containers as an experimental feature. Although fully functional, the feature doesn't yet work with several other features such as cgroups resource controls and AppArmor security profiles.

Download the PDF



English | Español | Português | 中文

Sign up for the Technology Radar newsletter


Subscribe now

Visit our archive to read previous volumes