Spelling suggestions: "subject:"rodman"" "subject:"codman""
1 |
Container performance benchmark between Docker, LXD, Podman & BuildahEmilsson, Rasmus January 2020 (has links)
Virtualization is a much-used technology by small and big companies alike as running several applications on the same server is a flexible and resource-saving measure. Containers which is another way of virtualizing has become a popular choice for companies in the past years seeing even more flexibility and use cases in continuous integration and continuous development.This study aims to explore how the different leading container solutions perform in relation to one another in a test scenario that replicates a continuous integration use case which is compiling a big project from source, in this case, Firefox.The tested containers are Docker, LXD, Podman, and Buildah which will have their CPU and RAM usage tested while also looking at the time to complete the compilation. The containers perform almost on par with bare-metal except Podman/Buildah that perform worse during compilation, falling a few minutes behind.
|
2 |
Security in Rootless Containers : Measuring the Attack Surface of ContainersEngström Ericsson, Matilda January 2022 (has links)
Rootless containers are commonly perceived as more secure, as they run without added privileges. To the best of my knowledge, this hypothesis has never been proven. This thesis aims to contribute to addressing knowledge gaps in research by measuring the attack surface of Rootless Podman, Rootless Docker, as well as Rootful Docker for comparison. Furthermore, different Rootless Container Engines are analysed in a prestudy to summarise what current options exist on the market today. The attack surface is systematically measured using the Attack Surface Measurement Method. The method identifies resources and groups them into different attack classes, based on the resource attackability. The authors of the method defines attackability as the likelihood of a successful attack. Finally, the total attackability of the container engines is computed. The study concludes that attack surface is significantly reduced when a local container image is used, instead of downloading one. In addition, the design choice of the container engine influences the attack surface more than whether the container is rootless or rootful.
|
Page generated in 0.0367 seconds