At CoreOS, running containers securely is our number one priority. We recently landed a number of features that are helping make CoreOS Linux a trusted and even more secure place to run containers.
As of the 808.0.0 release, CoreOS Linux is tightly integrated with SELinux to enforce fine-grained permissions for applications. Building on top of these permissions, our container runtime, rkt, has gained support for SVirt in addition to a default SELinux policy.
The rkt SVirt implementation is compatible with Docker’s SVirt support, keeping you secure no matter what container runtime you choose. Before covering these new features in detail, it’s important to step back and review how container technology is already keeping infrastructure secure.
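SVirt separates containers from one another by running every container process under the same confined SELinux type while giving each one its own pair of MCS categories, so two containers cannot touch each other's files even though both are allowed the same type-level permissions. The script below is an added example (not code from this post, CoreOS or rkt) of the check an operator can run on a host to confirm that separation: it reads `ps -eZ`-style output and flags containers that share an MCS pair or run with no categories at all. It assumes the Docker-compatible label scheme the post refers to (type `svirt_lxc_net_t`, level `s0:cA,cB`); the two process listings are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example (not from the CoreOS post or the rkt project): sanity-check SVirt
# separation on a host. SVirt isolates containers from each other by giving every
# container process the same confined type but a unique pair of MCS categories,
# e.g. svirt_lxc_net_t:s0:c142,c689. Two containers that end up with the same
# pair are not separated from one another by MCS.
#
# Assumptions: the Docker-compatible label scheme (type svirt_lxc_net_t, level
# s0:cA,cB) and `ps -eZ` output whose first column is the SELinux context.

# Constructed `ps -eZ`-style output: context, pid, command. Not captured from a real host.
# Two containers (pids 2311 and 2460) wrongly share c142,c689; pid 2510 has no categories.
SAMPLE_BAD='system_u:system_r:init_t:s0 1 systemd
system_u:system_r:svirt_lxc_net_t:s0:c142,c689 2311 nginx
system_u:system_r:svirt_lxc_net_t:s0:c17,c804 2398 redis-server
system_u:system_r:svirt_lxc_net_t:s0:c142,c689 2460 etcd
system_u:system_r:svirt_lxc_net_t:s0 2510 sh'

# Constructed output of a correctly labelled host: every container has its own pair.
SAMPLE_GOOD='system_u:system_r:init_t:s0 1 systemd
system_u:system_r:svirt_lxc_net_t:s0:c142,c689 2311 nginx
system_u:system_r:svirt_lxc_net_t:s0:c17,c804 2398 redis-server
system_u:system_r:svirt_lxc_net_t:s0:c301,c952 2460 etcd'

# Print the MCS level (s0:cA,cB) of every container process in the given ps output.
# A context is user:role:type:level, so fields 4 and 5 of a colon split form the level.
container_levels() {
    printf '%s\n' "$1" | awk '$1 ~ /:svirt_lxc_net_t:/ {
        n = split($1, f, ":")
        if (n >= 5) print f[4] ":" f[5]; else print f[4]
    }'
}

# Number of MCS pairs shared by more than one container (0 means full separation).
mcs_collisions() {
    container_levels "$1" | sort | uniq -d | wc -l | tr -d ' '
}

# Number of container processes running with no MCS categories at all.
mcs_missing() {
    container_levels "$1" | grep -cvE '^s0:c[0-9]+,c[0-9]+$' || true
}

# Report on one ps listing; returns 0 only when separation looks intact.
audit_svirt() {
    collisions=$(mcs_collisions "$1")
    missing=$(mcs_missing "$1")
    echo "shared MCS pairs: $collisions, containers without categories: $missing"
    [ "$collisions" -eq 0 ] && [ "$missing" -eq 0 ]
}

# Run against the live host with `sh svirt_audit.sh --live` (needs an SELinux-enabled
# system such as CoreOS 808.0.0 or newer); otherwise exercise the constructed samples.
if [ "${1:-}" = "--live" ]; then
    audit_svirt "$(ps -eZ)"
else
    audit_svirt "$SAMPLE_GOOD"
    audit_svirt "$SAMPLE_BAD" || echo "constructed bad sample flagged as expected"
fi
```

A shared pair usually means a runtime was started with a fixed label or categories were exhausted and reused; a container with a bare `s0` level has the type confinement but none of the per-container separation that SVirt is supposed to add, so both findings are worth alerting on.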
Containers = Increased Security Through Isolation
Containers ease the deployment and management of applications and their dependencies, but the isolation that containers provide also results in increased security by reducing the degree to which applications can interact.