Securing Docker Container Workloads

Course Description

Docker containers are a mainstream mechanism for application delivery, and securing the container workload is vital. This course will give you the knowledge and techniques you need for securing containerized software applications.

Table of Contents

  • Course Overview
  • Isolating Container Workloads with Linux Namespaces
    • Course Introduction
    • Introducing Namespaces
    • Creating a Container with Namespaces
    • Demonstrating Process Isolation with Namespaces
    • Understanding Docker’s Use of Namespaces
    • Modifying Namespace Use for a Docker Container
    • Module Summary
  • Controlling Access to Resources Using Control Groups
    • Module Overview
    • Introducing Control Groups
    • Applying CPU Shares Limits to Processes
    • Understanding Docker's Use of Control Groups
    • Defining the Resources Available to Control
    • Using the Docker CLI to Control Container Resource Usage
    • Module Summary
  • Managing the Privileges Available to a Container Workload
    • Module Overview
    • Managing Privileges with a Non-privileged User
    • Running a Container Workload as a Non-privileged User
    • Introducing Linux Capabilities
    • Docker and Linux Capabilities
    • Using Capabilities with a Container Workload
    • Module Summary
  • Limiting the System Calls Available to Container Workloads
    • Module Overview
    • Introducing Secure Computing Mode
    • Demonstrating the Use of a Basic Seccomp BPF Filter
    • Understanding Docker's Use of Seccomp
    • Creating a Custom Seccomp Profile for a Container Workload
    • Implementing a Custom Seccomp Profile for a Container Workload
    • Module Summary
  • Implementing Access Control for Container Workloads
    • Module Overview
    • Access Control with Linux Security Modules
    • Using SELinux to Implement Access Control
    • Applying SELinux to Container Workloads
    • Demonstrating SELinux Applied to Container Workloads
    • AppArmor and Applying Profiles to Container Workloads
    • Generating a Custom AppArmor Profile for a Container Workload
    • Course Summary

Take the course!