2

One decision point in choosing between an application container solution versus an OS container solution is security. I'm not knowledgeable enough to be able to compare and contrast the two. I assume they're different, but is one significantly more open than the other?

Jeff_ka
  • 21
  • 2

1 Answer

1

From a security standpoint, and in my opinion, rkt is worth considering too.

See for example CoreOS's somewhat opinionated comparison of rkt to alternative container systems.

As they point out, Docker is now using containerd under the hood, and provides a whole bunch of 'stuff' around the running of containers - I would tend to think the extras are likely to introduce more attack surface than more barebones systems (like containerd).

You should also keep in mind that the security of lots (if not all) of the solutions you list is enhanced by a suitably hardened kernel (e.g. PaX), and system (e.g. SELinux).

iwaseatenbyagrue
  • 3,688
  • 15
  • 24