oci-seccomp-bpf-hook
podman
oci-seccomp-bpf-hook | podman | |
---|---|---|
2 | 360 | |
287 | 21,951 | |
1.4% | 2.4% | |
6.6 | 10.0 | |
6 days ago | 5 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
oci-seccomp-bpf-hook
-
Securing Containers with Seccomp: Part 1
I was thinking about how to solve that problem, and I thought of an idea: “What if we record the syscalls that a program makes while it’s running?” I was telling one of my co-workers about my idea, and the next day he sent me a link to a tool he found on GitHub. It turned out that some folks at Red Hat had already made a tool called oci-seccomp-bpf-hook that does exactly what I wanted!
-
Kubernetes Security Checklist 2021
The application should have a seccomp, apparmor or selinux profile according to the principles of least privileges (Udica, Oci-seccomp-bpf-hook, Go2seccomp, Security Profiles Operator)
podman
-
How I ended up using Colima for Docker on Apple Silicon
A lot of well-known Docker alternatives emerged at this point, the most commonly recommended of which must be Podman (along with Podman Desktop). This is what I use on my Windows machines, and this was the first solution that I tried on the Macbook as well.
-
Podman 5.0 has been released
Example of why: https://github.com/containers/podman/issues/5102#issuecommen...
-
Exploring 5 Docker Alternatives: Containerization Choices for 2024
Podman
- Podman 5.0.0: final release candidate
-
A Gentle Introduction to Containerization and Docker
Even though we will focus on Docker for this article, I wanted to mention that there are more container creation and management tools such as Podman, Rkt, and so on.
-
A Journey to Find an Ultimate Development Environment
By using containerization, the application will always have the same configuration that is used in the development environment and production environment. There is no more "It works on my machine". Some examples of containerization technologies are Docker and Podman.
-
Anatomy of Docker
Podman Documentation. Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System.
-
Exploring Podman: A More Secure Docker Alternative
AFAIK podman either already supports pods in quadlet container files, or will in the near future. https://github.com/containers/podman/pull/20762
-
Podman Desktop 1.6 released: Even more Kubernetes and Containers features
Podman as a devcontainers engine doesn't currently work if you use devcontainer features [1] or (and this sounds like you're issue) if you use WSL2.
I haven't submitted the WSL2 issue to the Podman team yet. If you get to it before I do, can you like it here?
https://github.com/containers/podman/issues/18691#issuecomme...
-
Oracle data base
You can also use their Oracle Linux Docker images with the database preinstalled using either Podman or Docker. Just make absolutely sure you are downloading something you are licensed to use, because it seems really easy to accidentally infringe copyright via this method.
What are some alternatives?
grype - A vulnerability scanner for container images and filesystems
Portainer - Making Docker and Kubernetes management easy.
falco - Cloud Native Runtime Security
lima - Linux virtual machines, with a focus on running containers
hadolint - Dockerfile linter, validate inline bash, written in Haskell
kaniko - Build Container Images In Kubernetes
documentation - Kata Containers version 1.x documentation (for version 2.x see https://github.com/kata-containers/kata-containers).
rancher - Complete container management platform
kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
containerd - An open and reliable container runtime
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
nerdctl - contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...