undefined | Better HN

0 pointscoldtea2y ago0 comments

>Then you still didn't audit anything. What you need to do is inspect the docker file, follow everything it pulls in and audit that

You don't need to audit anything it pulls in INSIDE the container. Who cares? Just what kind of access it gives the container to the host.

0 comments

stirfish2y ago

This sounds like fine a way to mine Bitcoin for someone else

coldteaOP2y ago

The whole point is that you checked that the container gets no access to the network.

Not to mention why wouldn't you let a shell script container keep running?

tomjakubowski2y ago

You can use quotas to mitigate that risk, and monitoring to discover it. You'd be monitoring CPU usage anyway, whether or not you build your own images or write your own Dockerfiles.

j / k navigate · click thread line to collapse