The present invention relates generally to a method, system, and computer program product for computing, and more particularly to a method, system, and computer program product for security of containers.
Cloud computing is a network of remote servers hosted over the internet. A user of cloud computing may use a remote server or host rather than a personal computer or a local server. Virtual machines are used extensively in cloud computing.

A computer server may be run by a central core computer program called a kernel. Virtualization allows the computer server to contain multiple hosts or virtual machines, where each virtual machine or host can be accessed remotely by the user over the internet. By use of virtualization, the host may appear to be an independent computer server. The host may have one or more containers. A container is a set of processes isolated from other parts of the computer server and from other hosts. A container can encapsulate an application together with its dependencies. An example of a kernel is a Linux® kernel. An example of a container is a Linux® container. Linux® is a registered trademark of Linus Torvalds.

Security of containers is important to the computer server and to each virtual machine. Security concerns may include the introduction of exploitable vulnerabilities in containers and possibly in the host. Because containers share the host's kernel, any vulnerability in the kernel interface may be exploited from within a container to harm the host. For example, running containers and applications which require root privileges, which are host privileges, may harm the host. Any vulnerability in the host may in turn affect other hosts and containers on the computer server.