CoreOS recently released Rocket 1.0–the latest version of its rkt container platform. Rocket 1.0 includes a variety of features designed to make containers more secure, and raises the bar for container security in general.
I wrote a post about the latest container platform from CoreOS:
CoreOS is a sort of frenemy of Docker—a competitor and partner at the same time—and continues to be a thorn in Docker’s side every once in a while. Now is one of those times as CoreOS recently unveiled version 1.0 of its rkt (A.K.A. “Rocket”) container runtime with a focus on making the container ecosystem more secure.
Containers have moved quickly from niche concept to mainstream technology—in large part thanks to Docker. As with most emerging technologies, though, security is an afterthought. Once mainstream acceptance begins, the focus shifts to security. It’s unfortunate that security doesn’t get more attention in the earlier development, but it’s a reality that occurs across all facets of technology.
As containers have gathered momentum and more organizations have considered containers as a part of the overall IT and app development strategy, security has taken center stage. Microsoft, IBM, Intel, VMware, and others have introduced container variants designed to embrace the benefits of the container concept while adding the security that enterprises need in order to adopt the technology with confidence.
An article in InfoWorld quotes CoreOS CTO Alex Polvi explaining how the daemon-less approach of rkt gives the platform a security edge over Docker. “Any action you take can be invoked as a separate operation, meaning it can be subject to privilege separation. Things talking to the Internet, for instance, don’t have to run as root. That’s just basic Unix system programming; you shouldn’t have to run everything as root in the server.”
CoreOS also includes things like signing and validating container images as a foundational principle of container security.
CoreOS previously frustrated Docker when it apparently abandoned its own Standard Container Manifesto and ventured down a path that was more proprietary. It was this conflict between CoreOS and Docker that provided the catalyst for the industry to band together with the Open Container Project.
Check out the complete post on ContainerJournal: CoreOS raises the bar for container security with Rocket 1.0.