sonic-net / SONiC

Landing page for Software for Open Networking in the Cloud (SONiC) - https://sonic-net.github.io/SONiC/

Container Hardening #1230

Open Yuval-Mellanox opened 1 year ago

Yuval-Mellanox commented 1 year ago

Containers are a method of creating virtualization and abstraction of an OS for a subset of processes/services on top of a single host, with the purpose of giving them an environment in which to run and execute their tasks without being affected by nearby containers/processes. In SONiC, we are deploying containers with the same full visibility and capabilities as the host Linux. This poses a security risk and vulnerability, as 1 breached container means that the whole system is breached. Addressing this issue, we have composed this doc for container hardening, containing the security hardening requirements and definitions for all containers on top of SONiC.
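The condition the issue describes, a container running with the same capabilities and visibility as the host, can be checked mechanically from `docker inspect` output. The script below is an added example written for this page; it is not SONiC code and not the hardening doc the issue refers to. The `HostConfig` field names are the ones Docker emits; the set of host-equivalent capabilities, the list of sensitive bind-mount sources, and both sample configurations are this example's own assumptions, constructed here rather than taken from a SONiC device.

```python
"""Audit a container's Docker HostConfig for settings that give it host-level
visibility and capabilities.  Added example for this page, not SONiC project
code and not the hardening doc the issue mentions.  Field names match what
`docker inspect` prints under "HostConfig"; the policy lists and the two
sample configurations are constructed assumptions."""
import json

# Capabilities that, on their own, let a container process control the host.
# Assumed policy list, not a SONiC requirement.
HOST_EQUIVALENT_CAPS = {
    "CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE", "CAP_SYS_RAWIO",
    "CAP_SYS_BOOT", "CAP_NET_ADMIN", "CAP_DAC_READ_SEARCH", "CAP_BPF",
}

# Host paths whose bind-mount into a container is equivalent to host root.
SENSITIVE_HOST_PATHS = {"/", "/var/run/docker.sock", "/proc", "/sys", "/dev", "/etc"}


def normalize_cap(name):
    """Docker accepts both 'SYS_ADMIN' and 'CAP_SYS_ADMIN'; compare one spelling."""
    name = name.upper()
    return name if name.startswith("CAP_") else "CAP_" + name


def audit_host_config(host_config):
    """Return a list of findings for one HostConfig dict; empty means it passes."""
    findings = []
    if host_config.get("Privileged"):
        findings.append("Privileged=true: all capabilities, raw /dev, default seccomp and AppArmor disabled")
    for key, what in (("NetworkMode", "network"), ("PidMode", "PID"), ("IpcMode", "IPC")):
        if host_config.get(key) == "host":
            findings.append(f"{key}=host: shares the host {what} namespace")

    raw_drop = [c.upper() for c in host_config.get("CapDrop") or []]
    if "ALL" not in raw_drop:
        findings.append("CapDrop lacks ALL: container keeps Docker's default capability set")
    cap_add = {normalize_cap(c) for c in host_config.get("CapAdd") or []}
    for cap in sorted(cap_add & HOST_EQUIVALENT_CAPS):
        findings.append(f"CapAdd {cap}: host-equivalent capability granted")

    if not host_config.get("ReadonlyRootfs"):
        findings.append("ReadonlyRootfs=false: image filesystem is writable, so persistence after compromise is easy")
    sec_opts = host_config.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") for o in sec_opts):
        findings.append("SecurityOpt lacks no-new-privileges: setuid binaries inside can regain dropped privileges")
    if any(o.startswith("seccomp=unconfined") or o == "apparmor=unconfined" for o in sec_opts):
        findings.append("SecurityOpt disables seccomp or AppArmor")

    for bind in host_config.get("Binds") or []:          # "host:container[:opts]"
        parts = bind.split(":")
        src = parts[0].rstrip("/") or "/"
        mode = parts[2] if len(parts) > 2 else "rw"
        if src in SENSITIVE_HOST_PATHS:
            findings.append(f"Bind {src} ({mode}): host path equivalent to host root")
    return findings


def audit_inspect_output(inspect_json):
    """Audit the JSON text that `docker inspect <container...>` prints (a list of objects).
    Returns {container_name: findings}."""
    return {c.get("Name", "?").lstrip("/"): audit_host_config(c["HostConfig"])
            for c in json.loads(inspect_json)}


# Constructed sample: a container run the way the issue describes, with the
# host's full visibility and capabilities.
UNHARDENED = {
    "Privileged": True, "NetworkMode": "host", "PidMode": "host", "IpcMode": "",
    "CapAdd": None, "CapDrop": None, "ReadonlyRootfs": False, "SecurityOpt": None,
    "Binds": ["/:/host", "/var/run/docker.sock:/var/run/docker.sock"],
}

# Constructed sample: the same service with least-privilege settings applied.
HARDENED = {
    "Privileged": False, "NetworkMode": "bridge", "PidMode": "", "IpcMode": "private",
    "CapAdd": ["NET_BIND_SERVICE"], "CapDrop": ["ALL"], "ReadonlyRootfs": True,
    "SecurityOpt": ["no-new-privileges:true"], "Binds": ["/etc/sonic:/etc/sonic:ro"],
}

if __name__ == "__main__":
    for label, cfg in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        found = audit_host_config(cfg)
        print(f"{label}: {len(found)} findings")
        for f in found:
            print("  -", f)
```

On a running box the natural input is `docker inspect $(docker ps -q)` piped into `audit_inspect_output`; the target state for every container is an empty findings list, and any service that genuinely needs a host namespace or a host-equivalent capability should appear in the output as a documented exception rather than silently pass.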

zhangyanzhao commented 1 year ago

@Yuval-Mellanox will you finish this feature in the 202305 release or move it to a future one? Please let me know, and thanks.

Yarden-Z commented 1 year ago

We will not finish this feature for 202305. We should move this.

liat-grozovik commented 1 year ago

@qiluo-msft could you please assign yourself as reviewer or suggest someone?