You are viewing a single thread.
View all comments View context
12 points

The containers still run an OS, have proprietary application code on them, and have memory that probably contains other user’s data in it. Not saying it’s likely, but containers don’t really fix much in the way of gaining privileged access to steal information.

permalink
report
parent
reply
5 points

The OS in a container is usually pretty barebones though. Great containers usually use distroless base images. https://github.com/GoogleContainerTools/distroless

permalink
report
parent
reply
3 points

Ah, so there is something even more barebones than Alpine

permalink
report
parent
reply
2 points
*

Sure, there’s also the scratch image, which is entirely empty… So if your app is just a single statically linked binary, your entire container contents can be a single binary.

The busybox image is also more barebones than alpine, but still has a couple of basic tools.

permalink
report
parent
reply
19 points

That’s why it’s containers… in containers

It’s like wearing 2 helmets. If 1 helmet is good, imagine the protection of 2 helmets!

permalink
report
parent
reply
9 points

So is running it on actual hardware basically rawdoggin?

permalink
report
parent
reply
6 points

Wow what an analogy lol

permalink
report
parent
reply
6 points

What if those helmets are watermelon helmets

permalink
report
parent
reply
2 points

Then two would still be better than one 😉

permalink
report
parent
reply

Programmer Humor

!programmerhumor@lemmy.ml

Create post

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

  • Posts must be relevant to programming, programmers, or computer science.
  • No NSFW content.
  • Jokes must be in good taste. No hate speech, bigotry, etc.

Community stats

  • 4.4K

    Monthly active users

  • 1.5K

    Posts

  • 35K

    Comments