Tuesday, 26 September 2017

Amazon ECS provides support for Adding or Dropping Linux Capabilities to Containers

Adding or dropping Linux capabilities to containers has become convenient through the Amazon EC2 Container Service (Amazon ECS) by using the Docker’s cap-add & cap-drop flags. Linux capabilities aides in processing and giving fine-grained access control without any root access to a system, requiring additional permissions and doesn’t add any unnecessary security risks.By default, Docker runs as “unprivileged”, thus cannot execute most system and network administration operations. The Docker “privileged” mode gives root access, but aren’t optimal nor secured for most workloads. Cap-add and cap-drop options specify capabilities to add or drop for each container in a specific task.

No comments:

Post a Comment

With the help of Tags, control your IAM Users and Roles

AWS Identity and Access Management (IAM) is a web service which aids you safely manage access of AWS resources. AWS Identity and Access M...