from Hacker News

Containers, Security and Echo chambers

by merlinsbrain on 5/21/18, 3:35 AM with 3 comments

  • by dvfjsdhgfv on 5/21/18, 3:03 PM

    The problem with the security of containers doesn't have much to do with mandatory access control and similar mechanisms: it lies with the fact that you get a huge pile of software, a whole operating system to inspect, whereas the software in question is just a tiny bit of it. You need to trust the people who created the app as being competent enough to create the app without errors, but also trust that they made no mistake in configuring the whole rest of the system that you would normally set up yourself. Having AppArmor/SELinux or not doesn't change much here as practically anything can be broken, and your task as a security officer working for a company using Docker images is an order of magnitude more difficult.
  • by mtgx on 5/21/18, 5:29 AM

    Why doesn't Docker enable namespaces by default, as LXC 2.0 does?
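An added example, not posted by either commenter and not Docker's or LXC's own code: a small POSIX shell check that tells you whether a process is actually running inside a remapped user namespace, by parsing the `/proc/<pid>/uid_map` format (`<id-in-namespace> <id-on-host> <length>`). The host's initial namespace always shows the identity map `0 0 4294967295`; anything else means the container's UIDs are mapped to a different host range. The sample maps are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect user-namespace UID remapping from /proc/<pid>/uid_map.
# Each line of uid_map is: <first-id-in-namespace> <first-id-on-host> <count>
# The initial (host) namespace has exactly one line: "0 0 4294967295".
# Any other mapping means the namespace's root is not the host's root.

# uid_map_is_remapped MAP_TEXT
#   prints "host" for the identity map, "remapped" for anything else
uid_map_is_remapped() {
    printf '%s\n' "$1" | awk '
        NF == 3 {
            n++
            if ($1 == 0 && $2 == 0 && $3 == 4294967295) ident++
        }
        END {
            if (n == 1 && ident == 1) print "host"; else print "remapped"
        }'
}

# Constructed sample maps (whitespace-padded the way the kernel prints them).
HOST_MAP='         0          0 4294967295'
REMAPPED_MAP='         0     100000      65536'

# Check the calling process itself (works on any Linux host or container).
check_self() {
    uid_map_is_remapped "$(cat /proc/self/uid_map)"
}

# Demo when run directly: the remapped sample maps container UID 0 to host
# UID 100000, which is what a daemon-side "userns-remap" setting produces.
if [ "${0##*/}" = "uidmap_check.sh" ]; then
    echo "sample host map:     $(uid_map_is_remapped "$HOST_MAP")"
    echo "sample remapped map: $(uid_map_is_remapped "$REMAPPED_MAP")"
    echo "this process:        $(check_self)"
fi
```

Run `check_self` from inside a container to confirm whether the daemon's remapping is in effect for that workload; on Docker, the daemon-side switch for this is the `userns-remap` key in `daemon.json`, and a container started without it will report `host` here because its root really is host UID 0.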