Abstract
Container virtualization technology does not virtualize any hardware; it uses the host's system kernel and isolates the applications of different containers through namespace technology to achieve virtualization. It is therefore a virtualization technology that works at the operating-system level. However, sharing the kernel in this way also brings many security problems. We therefore set out to analyze the technical principles of Docker's main components, namely Docker containers, Docker configuration and Docker's kernel sharing, and to look for their weak points, so that we can propose solutions to the existing threats and make Docker secure enough for production environments.
Linux container technology does not virtualize any hardware; it uses the host's system kernel together with namespace technology to isolate different containers and applications in order to achieve virtualization. Therefore, it is a virtualization technology that works at the operating-system level. However, sharing the kernel in this way also brings many security problems. In this paper we therefore focus on analyzing the major components of Docker, namely Docker Engine, Docker Repositories and the technical principles of Docker's kernel sharing, and try to find their vulnerabilities. Moreover, we harden the most fragile places, so that we can finally propose solutions to resolve the risks that exist today.