At Twistlock, it is very important to us to be a part of the community and, when possible, to contribute source code to various open source projects. One of the projects we have contributed to the most is the Docker application container engine. One of our main contributions to the Docker engine is the authorization plugins we developed, which were introduced in Docker 1.10. Authorization plugins enable approving or denying management requests to the Docker daemon based on both the current authentication context and the command context. The authentication context contains all user details and the authentication method. The command context contains all the relevant request data.
OpenShift is Red Hat’s Platform-as-a-Service (PaaS) that allows developers to quickly develop, host, and scale applications in a cloud environment. With OpenShift you have a choice of offerings, including online, on-premise, and open source project options. We have many customers using OpenShift and have various integration points with the product itself. Recently we were very happy to learn that OpenShift security uses Docker authorization plugins as part of their default OpenShift deployment. The plugin is used to detect RHEL-based images and prevent them from being pushed to the default docker.io registry. This helps to prevent users from violating Red Hat’s subscription agreement. According to Dan Walsh, Container Development Lead Engineer at Red Hat: “The introduction of the authorization plugin infrastructure allows us to customize the docker experience without us having to patch the code. This is the first step in getting fine grained access control over users interacting with container runtimes.”
You can read more about Red Hat’s plugin, including downloading the source code, here.
Consequently, we are proud to say that if you run OpenShift security, you run code contributed by Twistlock! It is a delight to realize we helped the two products work better together, and we look forward to many more contributions and joint work with both Red Hat and Docker.
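To make the authorization decision described above concrete, here is an added example (not Twistlock's or Red Hat's code) of a plugin's decision step in Go, using the request and response field names of Docker's authorization plugin API. The policy is a simplified stand-in: instead of detecting RHEL-based images, it denies any push that resolves to docker.io unless the user is on a hypothetical allowlist (`hubPushers`, with the made-up user `release-bot`).

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// AuthZRequest holds the fields of the daemon's /AuthZPlugin.AuthZReq body used here.
type AuthZRequest struct {
	User            string `json:"User"`            // authentication context
	UserAuthNMethod string `json:"UserAuthNMethod"` // authentication context
	RequestMethod   string `json:"RequestMethod"`   // command context
	RequestURI      string `json:"RequestUri"`      // command context
}

// AuthZResponse is the plugin's verdict; Msg is reported to the client on denial.
type AuthZResponse struct {
	Allow bool   `json:"Allow"`
	Msg   string `json:"Msg,omitempty"`
}

// pushRE matches the image push endpoint, with or without an API version prefix.
var pushRE = regexp.MustCompile(`^(?:/v[0-9.]+)?/images/(.+)/push(?:\?.*)?$`)
// hubPushers is a hypothetical allowlist of users permitted to push to docker.io.
var hubPushers = map[string]bool{"release-bot": true}

// Decide denies pushes to the default registry unless the user is allowlisted.
func Decide(r AuthZRequest) AuthZResponse {
	m := pushRE.FindStringSubmatch(r.RequestURI)
	if r.RequestMethod != "POST" || m == nil {
		return AuthZResponse{Allow: true} // not a push: outside this policy
	}
	// A first component with '.' or ':' (or "localhost") is a registry host; else docker.io.
	first, _, hasSlash := strings.Cut(m[1], "/")
	explicit := hasSlash && (strings.ContainsAny(first, ".:") || first == "localhost")
	if (!explicit || first == "docker.io") && !hubPushers[r.User] {
		return AuthZResponse{Msg: fmt.Sprintf("user %q may not push %s to docker.io", r.User, m[1])}
	}
	return AuthZResponse{Allow: true}
}

func main() {
	// Constructed request: user alice pushing alice/app with no registry host.
	r := AuthZRequest{User: "alice", UserAuthNMethod: "TLS", RequestMethod: "POST", RequestURI: "/v1.22/images/alice/app/push"}
	out, _ := json.Marshal(Decide(r))
	fmt.Println(string(out))
}
```

The daemon consults the plugin before executing each request and returns the `Msg` text to the client when `Allow` is false.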