At Twistlock, it is very important to us to be a part of the community and, when possible, to contribute source code to various open source projects. One of the projects we have contributed to the most is the Docker application container engine. One of our main contributions to the Docker engine is the authorization plugins we developed, which were introduced in Docker 1.10. Authorization plugins enable approving or denying management requests to the Docker daemon based on both the current authentication context and the command context. The authentication context contains all user details and the authentication method. The command context contains all the relevant request data.
OpenShift is Red Hat’s Platform-as-a-Service (PaaS) that allows developers to quickly develop, host, and scale applications in a cloud environment. With OpenShift you have a choice of offerings, including online, on-premise, and open source project options. We have many customers using OpenShift and have various integration points with the product itself. Recently we were very happy to learn that OpenShift security uses Docker authorization plugins as part of its default OpenShift deployment. The reason for using them is to detect and prevent any RHEL-based images from being pushed to the default docker.io registry. This helps to prevent users from violating Red Hat’s subscription agreement. According to Dan Walsh, Container Development Lead Engineer at Red Hat: “The introduction of the authorization plugin infrastructure allows us to customize the docker experience without us having to patch the code. This is the first step in getting fine grained access control over users interacting with container runtimes.”
You can read more about Red Hat’s plugin, including downloading the source code, here.
Consequently, we are proud to say that if you run OpenShift security you run code contributed by Twistlock! It is a delight to realize we helped the two products work better together, and we look forward to many more contributions and joint work with both Red Hat and Docker.
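As an added illustration (not Twistlock's or Red Hat's code), the Go sketch below shows the decision an authorization plugin makes from the two contexts described above: the authentication context (`User`, `UserAuthNMethod`) and the command context (`RequestMethod`, `RequestURI`) that the daemon sends to the plugin's `/AuthZPlugin.AuthZReq` endpoint. The `pushers` allow-list and the policy itself are assumptions: it denies every push to docker.io by users outside the list and, unlike the Red Hat plugin mentioned above, does not check whether an image is RHEL-based.

```go
package main

import (
	"encoding/json"
	"net/url"
	"os"
	"regexp"
	"strings"
)

// AuthZRequest is a subset of the body the daemon POSTs to /AuthZPlugin.AuthZReq.
type AuthZRequest struct {
	User, UserAuthNMethod     string // authentication context
	RequestMethod, RequestURI string // command context
}

// AuthZResponse is the plugin's reply; Allow=false makes the daemon reject the call.
type AuthZResponse struct {
	Allow bool
	Msg   string
}

var pushRE = regexp.MustCompile(`^(?:/v[0-9.]+)?/images/(.+)/push$`) // Engine API push path
var pushers = map[string]bool{"release-bot": true}                   // hypothetical allow-list

// usesDefaultRegistry: a name without a registry host resolves to docker.io.
func usesDefaultRegistry(image string) bool {
	first := strings.SplitN(image, "/", 2)[0]
	return first == image || first == "docker.io" || (!strings.ContainsAny(first, ".:") && first != "localhost")
}

// Authorize denies pushes to docker.io unless the authenticated user is allow-listed.
func Authorize(req AuthZRequest) AuthZResponse {
	u, err := url.ParseRequestURI(req.RequestURI)
	if err != nil {
		return AuthZResponse{Msg: "unparseable request URI"} // fail closed
	}
	m := pushRE.FindStringSubmatch(u.Path)
	if req.RequestMethod == "POST" && m != nil && usesDefaultRegistry(m[1]) && !pushers[req.User] {
		return AuthZResponse{Msg: "push to docker.io denied for user " + req.User}
	}
	return AuthZResponse{Allow: true}
}

func main() {
	// Constructed request, shaped like what the daemon sends for a push of "rhel7".
	req := AuthZRequest{User: "alice", UserAuthNMethod: "TLS", RequestMethod: "POST", RequestURI: "/v1.24/images/rhel7/push?tag=latest"}
	json.NewEncoder(os.Stdout).Encode(Authorize(req))
}
```

A deployable plugin would serve `Authorize` over HTTP at `/AuthZPlugin.AuthZReq`, alongside `/AuthZPlugin.AuthZRes` and `/Plugin.Activate`, and be enabled on the daemon with `--authorization-plugin`.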