Online Courses
Container Security
Online Courses
Container Security
  • Introduction
  • Intro to Containerisation
    • What is Containerization
    • Introducing Docker
    • The History of Docker
    • The Benefits & Features of Docker
    • How does Containerisation Work?
  • Docker
    • Introduction
    • Basic Docker Syntax
    • Running Your First Container
    • Intro to Dockerfiles
    • Intro to Docker Compose
    • Intro to the Docker Socket
  • Intro to Kubernetes
    • Introduction
    • Kubernetes 101
    • Kubernetes Architecture
    • Kubernetes Landscape
    • Kubernetes Configuration
    • Kubectl
    • Kubernetes & DevSecOps
  • Container Vulnerabilities
    • Container Vulnerabilities 101
    • Vulnerability 1: Privileged Containers (Capabilities)
    • Vulnerability 2: Escaping via Exposed Docker Daemon
    • Vulnerability 3: Remote Code Execution via Exposed Docker Daemon
    • Vulnerability 4: Abusing Namespaces
  • Container Hardening
    • Protecting the Docker Daemon
    • Implementing Control Groups
    • Preventing "Over-Privileged" Containers
    • Seccomp & AppArmor 101
    • Reviewing Docker Images
    • Compliance & Benchmarking
Powered by GitBook
On this page
  1. Intro to Containerisation

What is Containerization

PreviousIntroductionNextIntroducing Docker

Last updated 8 months ago

In computing terms, containerisation is the process of packaging an application and the necessary resources (such as libraries and packages) required into one package named a container. The process of packaging applications together makes applications considerably portable and hassle-free to run.

Modern applications are often complex and usually depend on frameworks and libraries being installed on a device before the application can run. These dependencies can:

  • Be difficult to install depending on the environment the application is running (some operating systems might not even support them!)

  • Create difficulty for developers to diagnose and replicate faults, as it could be a problem with the application's environment - not the application itself!

  • Often conflict with each other. For example, having multiple versions of Python to run different applications is a headache for the user, and an application may work with one version of Python and not another.

Containerisation platforms remove this headache by packaging the dependencies together and “isolating” (note: this is not to be confused with "security isolation" in this context) the application’s environment.

If the device supports the containerisation engine, a user will be able to run the application and have the same behaviours.

In the screenshot above, we can see how three applications and their environments (such as dependencies) are packaged together and do not directly interact with the physical computer - but rather the containerisation engine (in this case, it is Docker)

We will come on to discuss precisely how containers isolate from one another, but for now, it’s important to understand that this isolation is a core feature of containers.

However, it is worth noting that containerisation platforms make use of the “namespace” feature of the kernel, which is a feature used so that processes can access resources of the operating system without being able to interact with other processes.

The isolation offered by namespaces adds a benefit of security because it means that if an application in the container is compromised, usually (unless they share the same namespace), other containers are unaffected.

Alternatives such as virtual machines will require a whole operating system being installed to run the application (taking up large amounts of disk space and other computing resources such as CPU and RAM)