• DocumentCode
    3705322
  • Title

    DockerPolicyModules: Mandatory Access Control for Docker containers

  • Author

    Enrico Bacis;Simone Mutti;Steven Capelli;Stefano Paraboschi

  • Author_Institution
    DIGIP - Università degli Studi di Bergamo, Italy
  • fYear
    2015
  • Firstpage
    749
  • Lastpage
    750
  • Abstract
    The wide adoption of Docker and the ability to retrieve images from different sources impose strict security constraints. Docker leverages Linux kernel security facilities, such as namespaces, cgroups and Mandatory Access Control, to guarantee an effective isolation of containers. In order to increase Docker security and flexibility, we propose an extension to the Dockerfile format to let image maintainers ship a specific SELinux policy for the processes that run in a Docker image, enhancing the security of containers.
  • Keywords
    "Containers","Linux","Kernel","Access control","Virtualization","Proposals"
  • Publisher
    ieee
  • Conference_Titel
    Communications and Network Security (CNS), 2015 IEEE Conference on
  • Type

    conf

  • DOI
    10.1109/CNS.2015.7346917
  • Filename
    7346917