Uploaded byBladE0341
PPTX, PDF672 views

Docker Security

Clair is a container vulnerability analysis service that scans container layers to detect known vulnerabilities without executing the container. It provides a list of vulnerabilities that threaten each container. The analyze-local-images tool allows analyzing local Docker images with Clair by copying an image ID. Logging multiple Docker containers can be automated by sending their logs to Logstash for indexing in Elasticsearch with a Kibana frontend, monitored alongside metrics from Cadvisor. SELinux applies Mandatory Access Control to Docker containers using the svirt_lxc_net_t type to improve security. It isolates processes but allows reading from most host labels.

Embed presentation

Downloaded 15 times
Docker Security Email : billal.ariif@gmail.com
Clair (Container Vulnerability Analysis Service) Clair is a container vulnerability analysis service. It provides a list of vulnerabilities that threaten a container, and can notify users when new vulnerabilities that affect existing containers become known. Clair analyzes each container layer once, and does not execute the container to perform its examination. The scanning engine extracts all required data to detect known vulnerabilities, and caches layer data for examination against vulnerabilities discovered in the future.
Analyze local images This is a basic tool that allow you to analyze your local Docker images with Clair. Images are made up of layers. History of a image contain ID’s of
Image Layers Demo We have locally available Ubuntu docker image Now copy Image ID to check its History Note that we have 4 layers
Run Ubuntu:14.04 image container to introduce some new layers
Conti.. After installing nano we commit our container under new image name latest_ubuntu Now again run Docker images to view ID of our new image 'latest_ubuntu' And now lets compare history of both images, hopefully we will se extra layer in history of image latest_ubuntu
Conti..
Conti.. Yes, here we go. Now we found another layer in the history of our new container, due to installation of nano.
Clair Implementation Pull Clair from git # sudo docker pull quay.io/coreos/clair:latest  Also download Clair config file from https://github.com/coreos/clair/blob/master/config.example.yaml And save in home directory with name config.yml in directory names config.  Now run Clair container # sudo docker run -p 6060:6060 -p 6061:6061 -v ~/config:ro quay.io/coreos/clair:latest -- config=/config/config.yaml
Analyze local Images implementation  Now install Clair tool for Docker images Analysis (make sure you have installed GO before this) # sudo go get -u github.com/coreos/clair/contrib/analyze-local-images  Check for locally available images # sudo docker images  Copy targeted image ID # sudo analyze-local-images <Docker Image ID>
Container Logs Docker historically has handled logging is through the docker logs command - Docker captures the STDOUT and STDERR of each container process, stores it on disk, and the user can query it with docker logs <container>.
Docker Logs Demo Host Machine Terminal: Container Terminal:
Automating Docker Logging But think about environment where hundreds of containers are running, cumbersome for administrator to query and monitor each. By automating the logs of all containers to a single place and then virtualization could make life of administrator much easier.
The Approach ElasticSearch to index the log data collected and make it more easily queryable Logstash to act as a remote syslog to collect the logs from the containers Logspout to actually send the container logs to Logstash Kibana as a nice front end for interacting with the collected data Cadvisor, a dashboard for monitoring container resource metrics, for kicks
sVirt  sVirt is a technology included in Red Hat Enterprise Linux 6 that integrates SELinux and virtualization. sVirt applies Mandatory Access Control (MAC) to improve security when using virtual machines. The default type we use for running Docker containers is svirt_lxc_net_t. All container processes run with this type.  All content within the container is labeled with the svirt_sandbox_file_t type.  svirt_lxc_net_t is allowed to manage any content labeled with svirt_sandbox_file_t.
Conti..  svirt_lxc_net_t is also able to read/execute most labels under /usr on the host.  Processes running with the svirt_lxc_net_t are not allowed to open/write to any other labels on the system. It is not allowed to read any default labels in /var, /root, /home etc. Processes in the container are not isolated from each other or the host OS. To view policy of lxc_net run: # cat /etc/selinux/targeted/contexts/lxc_contexts
Conti.. To view policy of lxc_net run:
Conti..  The latest Daniel Walsh patch allow admins to setup the containers to run at a specific level, which should satisfy the needs of MLS systems. # sudo docker run -d --security-opt label:level:TopSecret --security-opt label:type:docker_apache_t httpd Here TopSecret is MLS label. MLS is defined next.
Multi-Level Security (MLS) and Multi- Category Security (MCS). MCS labeling from a user and system administrator standpoint is straightforward. It consists of configuring a set of categories, which are simply text labels, such as "Company_Confidential" or "Medical_Records", and then assigning users to those categories.
Conti.. All this stuff is configured on Host, and results comes in form of audit logs in /var/log/audit/audit.logs Audit logs are difficult to understand by default. We can assign specific logs identifiers to processes. Logs identifiers help in searching right logs on right time
SeLinux Logs Demo Lets add rule for Docker Daemon to log read write execute access with identifier 'dockerDaemon' . Now after restarting Docker service grep audit logs with our identifier.
References https://access.redhat.com/documentation/en/red-hat-enterprise-linux-atomic- host/7/container-security-guide/chapter-6-docker-selinux-security-policy https://www.mankier.com/8/docker_selinux - this explains the entire Docker SELinux policy. It is not in layman’s terms, but it is complete. https://github.com/projectatomic/docker-selinux http://crunchtools.com/securing-docker-svirt/ Daniel Walsh - https://opensource.com/business/14/7/docker-security-selinux https://opensource.com/business/14/9/security-for-docker https://opensource.com/business/15/3/docker-security-tuning

More Related Content

PDF
Kernel linux lab manual feb (1)
byjohny shaik
 
PDF
DockerCon EU 2015: Docker and PCI-DSS - Lessons learned in a security sensiti...
byDocker, Inc.
 
PDF
An Introduction to Kubernetes
byImesh Gunaratne
 
PDF
Dessi docker kubernetes paas cloud
byMassimiliano Dessì
 
PDF
How Secure Is Your Container? ContainerCon Berlin 2016
byPhil Estes
 
PPTX
virtualization-vs-containerization-paas
byrajdeep
 
PPTX
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
byDocker, Inc.
 
PDF
Container Security: How We Got Here and Where We're Going
byPhil Estes
 
Kernel linux lab manual feb (1)
byjohny shaik
 
DockerCon EU 2015: Docker and PCI-DSS - Lessons learned in a security sensiti...
byDocker, Inc.
 
An Introduction to Kubernetes
byImesh Gunaratne
 
Dessi docker kubernetes paas cloud
byMassimiliano Dessì
 
How Secure Is Your Container? ContainerCon Berlin 2016
byPhil Estes
 
virtualization-vs-containerization-paas
byrajdeep
 
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
byDocker, Inc.
 
Container Security: How We Got Here and Where We're Going
byPhil Estes
 

What's hot

PDF
Docker dDessi november 2015
byMassimiliano Dessì
 
PDF
Monitoring Dell Infrastructure using Docker & Microservices
byAjeet Singh Raina
 
PDF
Docker introduction
byLayne Peng
 
PDF
Veer's Container Security
byJim Barlow
 
PDF
Docker and Kubernetes 101 workshop
bySathish VJ
 
PDF
Kubernetes 101 - A Cluster Operating System
bymikaelbarbero
 
PDF
Containers: The What, Why, and How
bySneha Inguva
 
PPTX
Dev opsec dockerimage_patch_n_lifecyclemanagement_
bykanedafromparis
 
PDF
runC: The little engine that could (run Docker containers) by Docker Captain ...
byDocker, Inc.
 
PDF
Docker security: Rolling out Trust in your container
byRonak Kogta
 
PPTX
Docker and kubernetes
byMeiyappan Kannappa
 
PDF
Kubernetes
byerialc_w
 
PDF
Dockers and kubernetes
byDr Ganesh Iyer
 
PDF
Docker Online Meetup: Infrakit update and Q&A
byDocker, Inc.
 
PPTX
Introduction to Microservices with Docker and Kubernetes
byDavid Charles
 
PDF
Introdution to Docker (theory and hands on) dbCafé - dbTrento
byCristian Consonni
 
PDF
Docker linuxday 2015
byMassimiliano Dessì
 
PDF
Container Orchestration from Theory to Practice
byDocker, Inc.
 
PDF
Troubleshooting Tips from a Docker Support Engineer
byJeff Anderson
 
PDF
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
byDocker, Inc.
 
Docker dDessi november 2015
byMassimiliano Dessì
 
Monitoring Dell Infrastructure using Docker & Microservices
byAjeet Singh Raina
 
Docker introduction
byLayne Peng
 
Veer's Container Security
byJim Barlow
 
Docker and Kubernetes 101 workshop
bySathish VJ
 
Kubernetes 101 - A Cluster Operating System
bymikaelbarbero
 
Containers: The What, Why, and How
bySneha Inguva
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
bykanedafromparis
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
byDocker, Inc.
 
Docker security: Rolling out Trust in your container
byRonak Kogta
 
Docker and kubernetes
byMeiyappan Kannappa
 
Kubernetes
byerialc_w
 
Dockers and kubernetes
byDr Ganesh Iyer
 
Docker Online Meetup: Infrakit update and Q&A
byDocker, Inc.
 
Introduction to Microservices with Docker and Kubernetes
byDavid Charles
 
Introdution to Docker (theory and hands on) dbCafé - dbTrento
byCristian Consonni
 
Docker linuxday 2015
byMassimiliano Dessì
 
Container Orchestration from Theory to Practice
byDocker, Inc.
 
Troubleshooting Tips from a Docker Support Engineer
byJeff Anderson
 
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
byDocker, Inc.
 

Viewers also liked

PDF
Docker containers & the Future of Drupal testing
byRicardo Amaro
 
PPTX
How To Train Your APIs
byAshley Roach
 
PPTX
Building a REST API Microservice for the DevNet API Scavenger Hunt
byAshley Roach
 
PDF
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
byZach Hill
 
PDF
Drupal workshop ist 2014
byRicardo Amaro
 
PDF
Microservice architecture
bySlim Ouertani
 
PDF
Drupalcamp es 2013 drupal with lxc docker and vagrant
byRicardo Amaro
 
PDF
Introduction to Infrastructure as Code & Automation / Introduction to Chef
byNathen Harvey
 
PDF
DOXLON November 2016 - Data Democratization Using Splunk
byOutlyer
 
PPTX
DATA CENTER
byShekar Reddy
 
PDF
Priming Your Teams For Microservice Deployment to the Cloud
byMatt Callanan
 
PDF
S.R.E - create ultra-scalable and highly reliable systems
byRicardo Amaro
 
PDF
Drupal workshop fcul_2014
byRicardo Amaro
 
PDF
Docker and Cloud - Enables for DevOps - by ACA-IT
byStijn Wijndaele
 
PDF
The free software history and communities’ journey ahead
byRicardo Amaro
 
PDF
DevOps meetup 16oct docker and jenkins
byBenoit Wilcox
 
PPTX
Docker (compose) in devops - prague docker meetup
byJuraj Kojdjak
 
PDF
Amplifying Docker - Alex Heneveld

byOutlyer
 
PPTX
Dockercon Europe 2014 - Continuous Delivery leveraging on Docker CaaS
byAdrien Blind
 
PDF
DOXLON November 2016 - ELK Stack and Beats
byOutlyer
 
Docker containers & the Future of Drupal testing
byRicardo Amaro
 
How To Train Your APIs
byAshley Roach
 
Building a REST API Microservice for the DevNet API Scavenger Hunt
byAshley Roach
 
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
byZach Hill
 
Drupal workshop ist 2014
byRicardo Amaro
 
Microservice architecture
bySlim Ouertani
 
Drupalcamp es 2013 drupal with lxc docker and vagrant
byRicardo Amaro
 
Introduction to Infrastructure as Code & Automation / Introduction to Chef
byNathen Harvey
 
DOXLON November 2016 - Data Democratization Using Splunk
byOutlyer
 
DATA CENTER
byShekar Reddy
 
Priming Your Teams For Microservice Deployment to the Cloud
byMatt Callanan
 
S.R.E - create ultra-scalable and highly reliable systems
byRicardo Amaro
 
Drupal workshop fcul_2014
byRicardo Amaro
 
Docker and Cloud - Enables for DevOps - by ACA-IT
byStijn Wijndaele
 
The free software history and communities’ journey ahead
byRicardo Amaro
 
DevOps meetup 16oct docker and jenkins
byBenoit Wilcox
 
Docker (compose) in devops - prague docker meetup
byJuraj Kojdjak
 
Amplifying Docker - Alex Heneveld

byOutlyer
 
Dockercon Europe 2014 - Continuous Delivery leveraging on Docker CaaS
byAdrien Blind
 
DOXLON November 2016 - ELK Stack and Beats
byOutlyer
 

Similar to Docker Security

PDF
Testing Docker Images Security
byJose Manuel Ortega Candel
 
PPTX
Docker Security and Orchestration for DevSecOps wins
bySharath Kumar
 
PDF
Docker Security - Secure Container Deployment on Linux
byMichael Boelen
 
PDF
Common primitives in Docker environments
byalexandru giurgiu
 
PDF
Attacking and Auditing Containers - Nishith Khadadiya
byNSConclave
 
PDF
Testing Docker Images Security -All day dev ops 2017
byJose Manuel Ortega Candel
 
PDF
WTF my container just spawned a shell!
bySysdig
 
PDF
Let's Do Bad Things to Unsecured Containers
byGene Gotimer
 
PDF
Docker Security: Are Your Containers Tightly Secured to the Ship?
byMichael Boelen
 
PDF
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
bySysdig
 
PDF
Docker London: Container Security
byPhil Estes
 
PPTX
Introduction to automated environment management with Docker Containers - for...
byLucas Jellema
 
PPTX
Docker Container Security
bySuraj Khetani
 
PDF
OSDC 2016 - Inspecting Security of Docker formatted Container Images to find ...
byNETWAYS
 
PPTX
Dock ir incident response in a containerized, immutable, continually deploy...
byShakacon
 
PDF
Docker for developers
byandrzejsydor
 
PPTX
Docker Security workshop slides
byDocker, Inc.
 
PDF
Running the Oracle SOA Suite Environment in a Docker Container
byGuido Schmutz
 
PPTX
Docker and the Container Ecosystem
bypsconnolly
 
PDF
Troubleshooting tips from docker support engineers
byDocker, Inc.
 
Testing Docker Images Security
byJose Manuel Ortega Candel
 
Docker Security and Orchestration for DevSecOps wins
bySharath Kumar
 
Docker Security - Secure Container Deployment on Linux
byMichael Boelen
 
Common primitives in Docker environments
byalexandru giurgiu
 
Attacking and Auditing Containers - Nishith Khadadiya
byNSConclave
 
Testing Docker Images Security -All day dev ops 2017
byJose Manuel Ortega Candel
 
WTF my container just spawned a shell!
bySysdig
 
Let's Do Bad Things to Unsecured Containers
byGene Gotimer
 
Docker Security: Are Your Containers Tightly Secured to the Ship?
byMichael Boelen
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
bySysdig
 
Docker London: Container Security
byPhil Estes
 
Introduction to automated environment management with Docker Containers - for...
byLucas Jellema
 
Docker Container Security
bySuraj Khetani
 
OSDC 2016 - Inspecting Security of Docker formatted Container Images to find ...
byNETWAYS
 
Dock ir incident response in a containerized, immutable, continually deploy...
byShakacon
 
Docker for developers
byandrzejsydor
 
Docker Security workshop slides
byDocker, Inc.
 
Running the Oracle SOA Suite Environment in a Docker Container
byGuido Schmutz
 
Docker and the Container Ecosystem
bypsconnolly
 
Troubleshooting tips from docker support engineers
byDocker, Inc.
 

Recently uploaded

PDF
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
PDF
LogiNext Media Kit & Company Overview 2025
bynidhisharmaq7184
 
DOCX
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
PDF
Water Delivery App Development Solutions.pdf
byeSiteWorld TechnoLabs Pvt. Ltd.
 
PDF
Introducing MySQL HeatWave Migration Assistant
byAlexander Hitrov
 
PDF
Why I Volunteer at FOSDEM and You Should Too
byImma Valls Bernaus
 
PDF
Manual Testing Still Matters: 7 Areas Where Humans Beat Automation
byKiwiQA Services
 
PDF
Visualizing Your Data Lake with Grafana - Amsterdam
byImma Valls Bernaus
 
PDF
LogiNext Media Kit & Company Overview 2025
bydhrutipatelk5617
 
PDF
谷歌留痕技术教程[ 𝙩𝙤𝙥 𝟮𝟯𝟯. 𝙘 𝙤𝙢 ]
by6stynggfo
 
PDF
Own Your Domain Before It Owns You - Domain Driven Design for Pragmaticians
byPosedio GmbH
 
PDF
LogiNext Media Kit & Company Overview 2025
byswatishahz9031
 
PDF
LogiNext Media Kit & Company Overview 2025
bysanikaroy72
 
PDF
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
PDF
SLIDE PROPARTNER SUMMIT 2025 - ITALY.pdf
bygiuo
 
PDF
Accelerating Data Validation with QuerySurge AI
byRTTS
 
PDF
LogiNext Media Kit & Company Overview 2025
bypriyajoshi2929
 
PDF
Pet Care Service App Development Company
byV3CUBE TECHNOLABS
 
PDF
How to find your event photos instantly with a selfie using SnapSeek
bySnapSeek.app
 
PPTX
Windows File System Monitoring Tool Using C and C++
byAkshay Muley
 
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
LogiNext Media Kit & Company Overview 2025
bynidhisharmaq7184
 
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
Water Delivery App Development Solutions.pdf
byeSiteWorld TechnoLabs Pvt. Ltd.
 
Introducing MySQL HeatWave Migration Assistant
byAlexander Hitrov
 
Why I Volunteer at FOSDEM and You Should Too
byImma Valls Bernaus
 
Manual Testing Still Matters: 7 Areas Where Humans Beat Automation
byKiwiQA Services
 
Visualizing Your Data Lake with Grafana - Amsterdam
byImma Valls Bernaus
 
LogiNext Media Kit & Company Overview 2025
bydhrutipatelk5617
 
谷歌留痕技术教程[ 𝙩𝙤𝙥 𝟮𝟯𝟯. 𝙘 𝙤𝙢 ]
by6stynggfo
 
Own Your Domain Before It Owns You - Domain Driven Design for Pragmaticians
byPosedio GmbH
 
LogiNext Media Kit & Company Overview 2025
byswatishahz9031
 
LogiNext Media Kit & Company Overview 2025
bysanikaroy72
 
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
SLIDE PROPARTNER SUMMIT 2025 - ITALY.pdf
bygiuo
 
Accelerating Data Validation with QuerySurge AI
byRTTS
 
LogiNext Media Kit & Company Overview 2025
bypriyajoshi2929
 
Pet Care Service App Development Company
byV3CUBE TECHNOLABS
 
How to find your event photos instantly with a selfie using SnapSeek
bySnapSeek.app
 
Windows File System Monitoring Tool Using C and C++
byAkshay Muley
 

Docker Security

  • 1.
    Docker Security Email :billal.ariif@gmail.com
  • 2.
    Clair (Container VulnerabilityAnalysis Service) Clair is a container vulnerability analysis service. It provides a list of vulnerabilities that threaten a container, and can notify users when new vulnerabilities that affect existing containers become known. Clair analyzes each container layer once, and does not execute the container to perform its examination. The scanning engine extracts all required data to detect known vulnerabilities, and caches layer data for examination against vulnerabilities discovered in the future.
  • 3.
    Analyze local images Thisis a basic tool that allow you to analyze your local Docker images with Clair. Images are made up of layers. History of a image contain ID’s of
  • 4.
    Image Layers Demo Wehave locally available Ubuntu docker image Now copy Image ID to check its History Note that we have 4 layers
  • 5.
    Run Ubuntu:14.04 imagecontainer to introduce some new layers
  • 6.
    Conti.. After installing nanowe commit our container under new image name latest_ubuntu Now again run Docker images to view ID of our new image 'latest_ubuntu' And now lets compare history of both images, hopefully we will se extra layer in history of image latest_ubuntu
  • 7.
  • 8.
    Conti.. Yes, here wego. Now we found another layer in the history of our new container, due to installation of nano.
  • 9.
    Clair Implementation Pull Clairfrom git # sudo docker pull quay.io/coreos/clair:latest  Also download Clair config file from https://github.com/coreos/clair/blob/master/config.example.yaml And save in home directory with name config.yml in directory names config.  Now run Clair container # sudo docker run -p 6060:6060 -p 6061:6061 -v ~/config:ro quay.io/coreos/clair:latest -- config=/config/config.yaml
  • 10.
    Analyze local Imagesimplementation  Now install Clair tool for Docker images Analysis (make sure you have installed GO before this) # sudo go get -u github.com/coreos/clair/contrib/analyze-local-images  Check for locally available images # sudo docker images  Copy targeted image ID # sudo analyze-local-images <Docker Image ID>
  • 11.
    Container Logs Docker historicallyhas handled logging is through the docker logs command - Docker captures the STDOUT and STDERR of each container process, stores it on disk, and the user can query it with docker logs <container>.
  • 12.
    Docker Logs Demo HostMachine Terminal: Container Terminal:
  • 13.
    Automating Docker Logging Butthink about environment where hundreds of containers are running, cumbersome for administrator to query and monitor each. By automating the logs of all containers to a single place and then virtualization could make life of administrator much easier.
  • 14.
    The Approach ElasticSearch toindex the log data collected and make it more easily queryable Logstash to act as a remote syslog to collect the logs from the containers Logspout to actually send the container logs to Logstash Kibana as a nice front end for interacting with the collected data Cadvisor, a dashboard for monitoring container resource metrics, for kicks
  • 15.
    sVirt  sVirt isa technology included in Red Hat Enterprise Linux 6 that integrates SELinux and virtualization. sVirt applies Mandatory Access Control (MAC) to improve security when using virtual machines. The default type we use for running Docker containers is svirt_lxc_net_t. All container processes run with this type.  All content within the container is labeled with the svirt_sandbox_file_t type.  svirt_lxc_net_t is allowed to manage any content labeled with svirt_sandbox_file_t.
  • 16.
    Conti..  svirt_lxc_net_t isalso able to read/execute most labels under /usr on the host.  Processes running with the svirt_lxc_net_t are not allowed to open/write to any other labels on the system. It is not allowed to read any default labels in /var, /root, /home etc. Processes in the container are not isolated from each other or the host OS. To view policy of lxc_net run: # cat /etc/selinux/targeted/contexts/lxc_contexts
  • 17.
    Conti.. To view policyof lxc_net run:
  • 18.
    Conti..  The latestDaniel Walsh patch allow admins to setup the containers to run at a specific level, which should satisfy the needs of MLS systems. # sudo docker run -d --security-opt label:level:TopSecret --security-opt label:type:docker_apache_t httpd Here TopSecret is MLS label. MLS is defined next.
  • 19.
    Multi-Level Security (MLS)and Multi- Category Security (MCS). MCS labeling from a user and system administrator standpoint is straightforward. It consists of configuring a set of categories, which are simply text labels, such as "Company_Confidential" or "Medical_Records", and then assigning users to those categories.
  • 20.
    Conti.. All this stuffis configured on Host, and results comes in form of audit logs in /var/log/audit/audit.logs Audit logs are difficult to understand by default. We can assign specific logs identifiers to processes. Logs identifiers help in searching right logs on right time
  • 21.
    SeLinux Logs Demo Letsadd rule for Docker Daemon to log read write execute access with identifier 'dockerDaemon' . Now after restarting Docker service grep audit logs with our identifier.
  • 22.
    References https://access.redhat.com/documentation/en/red-hat-enterprise-linux-atomic- host/7/container-security-guide/chapter-6-docker-selinux-security-policy https://www.mankier.com/8/docker_selinux - thisexplains the entire Docker SELinux policy. It is not in layman’s terms, but it is complete. https://github.com/projectatomic/docker-selinux http://crunchtools.com/securing-docker-svirt/ Daniel Walsh - https://opensource.com/business/14/7/docker-security-selinux https://opensource.com/business/14/9/security-for-docker https://opensource.com/business/15/3/docker-security-tuning

Editor's Notes