mhausenblas / the-container-security-book

The Container Security Book—a free book for practitioners
https://container-security.guide

Protective controls on host when runtime is vulnerable/exposed #5

Open paavan98pm opened 5 years ago

paavan98pm commented 5 years ago

This may link to issue #2 - having an understanding of protective controls on the host would help with isolation and mitigation techniques.

Perhaps this is a chapter dedicated to VMMs and isolation enforced through seccomp, chroot and other sandboxing controls using projects like Firecracker, gVisor, Kata Containers and others.

mhausenblas commented 5 years ago

Maybe in Ch3 runtimes section for now?