Podman with capabilities on Fedora

Containerization is a booming technology. As many as seventy-five percent of global organizations could be running some type of containerization technology in the near future. Since widely used technologies are more likely to be targeted by attackers, securing containers is especially important. This article will demonstrate how POSIX capabilities are used to secure Podman containers. Podman is the default container management tool in RHEL 8.

Containers run in either privileged or unprivileged mode. In privileged mode the container's uid 0 is mapped to the host's uid 0. For some use cases unprivileged containers lack sufficient access to the resources of the host machine. Technologies and techniques including Mandatory Access Control (AppArmor, SELinux), seccomp filters, dropping of capabilities, and namespaces help to secure containers regardless of their mode of operation.

To determine the privilege mode from outside the container:

If the above command returns true then the container is running in privileged mode. If it returns false then the container is running in unprivileged mode.
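As an added example (not code from the Fedora Magazine article), the following script takes the JSON that `podman inspect <container>` prints and reports whether the container is privileged and which effective capabilities fall outside a conservative baseline. The `HostConfig.Privileged` and `EffectiveCaps` field names, the watch-list of risky capabilities, and the sample inspect output are assumptions constructed for this example.

```python
import json
import subprocess
from typing import Dict, List

# Capabilities that an ordinary containerized service rarely needs.
# Constructed watch-list for this example; adjust it to your own baseline.
RISKY_CAPS = {
    "CAP_SYS_ADMIN", "CAP_SYS_PTRACE", "CAP_NET_ADMIN",
    "CAP_SYS_MODULE", "CAP_DAC_READ_SEARCH", "CAP_SYS_RAWIO",
}


def audit_inspect(inspect_json: str) -> Dict[str, object]:
    """Summarise privilege mode and effective capabilities from the
    output of `podman inspect <container>` (a JSON list with one object).
    Field names are assumed from podman's inspect format."""
    data = json.loads(inspect_json)
    if not isinstance(data, list) or not data:
        raise ValueError("expected a non-empty JSON list from podman inspect")
    info = data[0]
    privileged = bool(info.get("HostConfig", {}).get("Privileged", False))
    effective: List[str] = sorted(info.get("EffectiveCaps") or [])
    return {
        "privileged": privileged,
        "effective_caps": effective,
        "risky_caps": sorted(c for c in effective if c in RISKY_CAPS),
    }


def audit_container(name: str) -> Dict[str, object]:
    """Inspect a live container via the podman CLI (assumed invocation)."""
    proc = subprocess.run(["podman", "inspect", name],
                          capture_output=True, text=True, check=True)
    return audit_inspect(proc.stdout)


# Constructed sample resembling inspect output for an unprivileged container
# started with --cap-add=SYS_ADMIN, abridged to the fields the audit reads.
SAMPLE = json.dumps([{
    "Id": "constructed-container-id",
    "HostConfig": {"Privileged": False, "CapAdd": ["CAP_SYS_ADMIN"]},
    "EffectiveCaps": ["CAP_CHOWN", "CAP_NET_BIND_SERVICE", "CAP_SYS_ADMIN"],
}])

if __name__ == "__main__":
    # Report for the constructed sample: unprivileged, but CAP_SYS_ADMIN flagged.
    print(json.dumps(audit_inspect(SAMPLE), indent=2))
```

A non-empty `risky_caps` list on an unprivileged container is the signal to review why the capability was added, since `--cap-add` widens the attack surface even when `Privileged` is false.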

...


News Link: https://fedoramagazine.org/podman-with-capabilities-on-fedora/.
RSS Link: https://fedoramagazine.org/feed/.


Note: The content provided has been modified and is not displayed as intended by the author. Any trademarks, copyrights and rights remain with the source.

Disclaimer: Linux Chatter sources content from RSS feeds and personal content submissions. The views and opinions expressed in these articles are those of the authors and do not necessarily reflect those of Linux Chatter.