Thar she blows

At Voxxed, the term ‘disruptive’ is something we tend to swerve, laced as it is with connotations of the very worst sort of tech marketing-speak. And while we’re on this tangent, you can take your syntax ninjas and code pirates and shove them too. But when it comes to describing Docker’s effect on the space in the past year or so, well, actually, disruptive isn’t too far from the mark. And with safety-focused Docker 1.3 out this month, the world’s biggest Linux container has levelled up yet again.

A crew of 45 contributors has been hard at work bundling 750 commits into Docker 1.3 – and the list of new fixes and features demonstrates just how much work has gone into this new release. Top ranking among these additions is Digital Signature Verification, which allows for auto-verification of the provenance and integrity of all Official Repos using digital signatures.

According to the official blog, it represents the first of several features that the team is planning to ship in the coming months for both publishers and consumers of repos. These will apparently include support for publisher authentication, PKI management, image integrity and authorization, and more. A note of caution though: this feature is still being ‘hardened up’ by the Docker crew. Until then, consider Digital Signature Verification a work in progress, and “don’t rely on this feature for serious security, just yet.”

Also in the security vein, there’s a new CLI flag, --security-opt, which allows developers to tailor SELinux or AppArmor security settings to specific containers.

There’s also a natty new debugging tool: docker exec. Docker exec lets developers start a process inside their Docker container via the Docker application programming interface (API) and command line interface (CLI). Don’t consider this feature a revision of Docker’s “one app per container” recommendation though: it’s more of an answer to customer demand from users who’d like helper processes around their apps.

Other additions include the new lifecycle tuner docker create. With this command, users can crack apart the docker run <image name> command – which creates a container and spawns a process to run in it – and get more granular management of their container lifecycles.

Lastly, we should mention that Docker now swims on Mac OS X by incorporating boot2docker, and fixes how it works with directories. There have been some critical fixes to boot2docker, and anyone using this feature in particular is urged to update as soon as they can. For a comprehensive list of all the tinkerings, take a gander at the full release notes here.

Image by MindsEye_PJ

An Overview of Newly Secured Docker 1.3

About The Author
- Editor of Voxxed.com, focusing on all things Java, JVM, cloud-y, methodical, future-fantastic, and everything in between. Got a piece of news, article or tutorial you'd like to share with your fellow Voxxians? Drop us a line at info@voxxed.com
