| *** igordc has quit IRC | 00:19 | |
| *** igordc has joined #kata-general | 00:21 | |
| kata-irc-bot | <eric.ernst> Hey @vltraheaven I would say that you’re already getting defense in depth with Kata. You are running a standard container, including options for seccomp, caps, etc. I would say this is your first interface of defense (the guest kernel). As a second layer, you have the hypervisor interface. On top of this, some namespaces/cgroups are utilized to constrain the VMM, etc, on the host even. | 02:37 |
|---|---|---|
| kata-irc-bot | <eric.ernst> Tbh, I haven’t heard anyone suggesting doing much beyond what’s in place (one person wanted SE Linux for better isolation between containers in the same pod, but this was as paranoid as I’ve heard folks). | 02:39 |
| *** igordc has quit IRC | 04:44 | |
| *** altlogbot_2 has quit IRC | 04:58 | |
| *** altlogbot_0 has joined #kata-general | 04:59 | |
| *** sameo has joined #kata-general | 07:51 | |
| *** sameo has quit IRC | 08:07 | |
| *** gemini_117 has joined #kata-general | 14:22 | |
| *** gemini_117 has left #kata-general | 14:33 | |
| *** altlogbot_0 has quit IRC | 23:29 | |
| *** altlogbot_0 has joined #kata-general | 23:30 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!