On 13.05.2015 10:21, Pavel Odintsov wrote:
Docker is an awesome toolkit.
"From a security and composability perspective, the Docker process model - where everything runs through a central daemon - is fundamentally flawed. To “fix” Docker would essentially mean a rewrite of the project, while inheriting all the baggage of the existing implementation." - https://coreos.com/blog/rocket/
But we still don't have support for it in OpenVZ/PCS. I'm really _NOT_ sure about the idea of running Docker inside a container.
http://blog.odin.com/serviceprovider/2015/3/19/for-service-providers-using-virtuozzo-docker-isnt-just-a-devops-phenomenon-anymore
I want to run it on HWN (together with other containers if possible) and run my custom applications in a secure manner here.
Docker has a broken security model, and as a result: http://www.opennet.ru/opennews/art.shtml?num=42195 http://openwall.com/lists/oss-security/2015/05/07/10
Running Docker inside containers is a really strange idea and I don't have any use cases for it in my environment.
If you also need security - you should run Docker inside KVM virtual machines, or inside OpenVZ containers.

--
Best regards, Gena