1517
you are viewing a single comment's thread
view the rest of the comments
[-] nomecks@lemmy.world 111 points 1 year ago

There's no root login. It's all containers.

[-] SpaceNoodle@lemmy.world 52 points 1 year ago

It's containers all the way down!

[-] RealFknNito@lemmy.world 32 points 1 year ago
[-] magic_lobster_party@kbin.social 14 points 1 year ago

I deploy my docker containers in .mkv files.

[-] residentmarchant@lemmy.world 12 points 1 year ago

The containers still run an OS, have proprietary application code on them, and have memory that probably contains other user's data in it. Not saying it's likely, but containers don't really fix much in the way of gaining privileged access to steal information.

[-] towerful@programming.dev 19 points 1 year ago

That's why it's containers... in containers

It's like wearing 2 helmets. If 1 helmet is good, imagine the protection of 2 helmets!

[-] PochoHipster@lemmy.ml 9 points 1 year ago

So is running it on actual hardware basically rawdoggin?

[-] lemann@lemmy.one 6 points 1 year ago

Wow what an analogy lol

[-] bobs_monkey@lemm.ee 6 points 1 year ago

What if those helmets are watermelon helmets

[-] Dyskolos@lemmy.zip 2 points 1 year ago

Then two would still be better than one ๐Ÿ˜‰

[-] dan@upvote.au 5 points 1 year ago

The OS in a container is usually pretty barebones though. Great containers usually use distroless base images. https://github.com/GoogleContainerTools/distroless

[-] Cysioland@lemmygrad.ml 3 points 1 year ago

Ah, so there is something even more barebones than Alpine

[-] FrederikNJS@lemm.ee 2 points 1 year ago* (last edited 1 year ago)

Sure, there's also the scratch image, which is entirely empty... So if your app is just a single statically linked binary, your entire container contents can be a single binary.

The busybox image is also more barebones than alpine, but still has a couple of basic tools.

[-] Venat0r@lemmy.world 9 points 1 year ago

The containers will have a root login, but the ssh port won't be open.

I doubt they even have a root user. Just whatever system packagea are required baked into the image

[-] FrederikNJS@lemm.ee 3 points 1 year ago

Containers can be entirely without anything. Some containers only contain the binary that gets executed. But many containers do contain pretty much a full distribution, but I have yet to see a container with a password hash in its /etc/shadow file...

So while the container has a root account, it doesn't have any login at all, no password, no ssh key, nothing.

this post was submitted on 20 Oct 2023
1517 points (98.9% liked)

Programmer Humor

32479 readers
236 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS