Programmer Humor

19423 readers

128 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 1 year ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

Hitler uses Docker (www.youtube.com)

submitted 6 days ago by db0@lemmy.dbzer0.com to c/programmer_humor@programming.dev

17 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] anzo@programming.dev 1 points 14 hours ago* (last edited 14 hours ago) (1 children)

Ah, my bad "again"... should have mentioned that there's the advance configuration option that 1% of the geeks do

[–] taanegl@lemmy.ml 1 points 13 hours ago

It's not a question of being a geek, but securing your entire supply chain. If you don't already vet container image layers and cosigning said containers, chances are you're already in risky rivers all the same.

In essence the rooted mode was never that big of a risk when compared to the actual runtimes. Certain attacks don't even care about being in a user container if it deals with breaking the kernel itself, even with SELinux and AppArmor taken into account.

Rootless containers aren't a magic bullet as a result. The only thing that you should concern yourself with is what you're pushing to prod, how you layer your images and cosigning so that you can source... every mess... to every desk jockey junior...

You....

Do not...

Mess with my infra.

1000000363