The present invention relates generally to a Linux container infrastructure, and more particularly to a security fix of a container in a VM (virtual machine) environment.
More and more companies providing hosting and cloud services are adopting Linux container solutions. The Linux container solutions are emerging cloud technology based on fast and lightweight process virtualization that provides users with an environment as close as possible to a standard Linux distribution. Due to the fact that containers are lightweight compared to VMs, more instances of containers can be deployed than VMs on a host and in less time.
One of the main constraints is poor isolation between containers. Since containers share the same kernel as the host, all infrastructure will be vulnerable to kernel exploits, and malicious code may put the whole environment in danger. For example, Shocker is a malicious code that lets a Docker container access any file on a host, including sensitive information; this compromises security of the host and any other Docker containers on the host. The problem regarding the isolation between containers is still an open problem to the IT industry.