https://lwn.net/Articles/637317/ This is a special feed containing comments posted to the individual LWN article titled "Docker security in the future (Opensource.com)". en-us Thu, 25 Sep 2025 02:57:59 +0000 Thu, 25 Sep 2025 02:57:59 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net https://lwn.net/Articles/638010/ https://lwn.net/Articles/638010/ smitty_one_each <div class="FormattedComment"> You make a requirement to sell more resources to the client sound like such a bad thing! ;-)<br> </div> Thu, 26 Mar 2015 12:00:25 +0000 https://lwn.net/Articles/637572/ https://lwn.net/Articles/637572/ jhoblitt <div class="FormattedComment"> It's likely still a performance win over hardware virtualization but the overhead of a "secure" container setup (selinux + seccomp + uid translation + network proxy containers) is starting to sound non-trivial.<br> </div> Mon, 23 Mar 2015 16:26:03 +0000 https://lwn.net/Articles/637503/ https://lwn.net/Articles/637503/ justincormack <div class="FormattedComment"> Filtering 17 odd syscalls and some network protocols is going to help a little, but seccomp policies work best if they are mostly deny, and of course that is rather difficult in the situation where you are trying to contain generic applications that you know little about.<br> </div> Sun, 22 Mar 2015 17:30:49 +0000