Matthew Garrett, principal security engineer at CoreOS, is one of the most respected names in the Linux world when it comes to security and cloud computing. I sat down with Garrett at CoreOS Fest to discuss the risks around containers and Linux in general. Here is an edited version of that discussion.
Lately we’ve been hearing a lot about container security. What are the risks involved with containers and what are open source projects like CoreOS doing to mitigate them?
Security is of special concern around containers because many people think of containers in the same way that they think of VMs (virtual machines). The degree of isolation between containers is somewhat weaker than the degree of isolation between virtual machines. From that perspective it’s very easy to get into the mindset of containers being something that reduces security. In reality this depends very much on what you’re trying to do with containers, and containers do improve isolation compared to processes that are simply running on the same host.