At Twistlock, it is very important to us to be a part of the community and, when possible, contribute the source code to various open source projects. One of the projects we contributed to the most is the Docker application container engine. One of our main contributions to the Docker engine is the authorization plugins we developed, which were introduced in Docker 1.10. Authorization plugins enable approving or denying management requests to the Docker daemon based on both the current authentication context and the command context. The authentication context contains all user details and the authentication method. The command context contains all the relevant request data.
OpenShift is Red Hat’s Platform-as-a-Service (PaaS) that allows developers to quickly develop, host, and scale applications in a cloud environment. With OpenShift you have a choice of offerings, including online, on-premise, and open source project options. We have many customers using OpenShift and have various integration points with the product itself. Recently we were very happy to learn that OpenShift security uses Docker authorization plugins as part of their default OpenShift deployment. The reason for using those is on order to detect and avoid any RHEL based images to be pushed to the default docker.io registry. This helps to prevent users from violating Red Hat’s subscription agreement. According to Dan Walsh, Container Development Lead Engineer at Red Hat: “The introduction of the authorization plugin infrastructure allows us to customize the docker experience without us having to patch the code. This is the first step in getting fine grained access control over users interacting with container runtimes.”
You can read more about Red Hat’s plugin, including downloading the source code, here.
Consequently, we are proud to say that if you run OpenShift security you run code contributed by Twistlock! It is a delight to realize we helped the two products to work better together and we look forward to many more contribution and joint work with both Red Hat and Docker.
- Container Security
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.
How to Lock Down the Kernel to Secure the Container HostRead the Blog
One Chapter Ends, Another BeginsRead the Blog
The Greatest Security Risks Lurking in Your CI/CD PipelineRead the Blog
Cloud Platform Radar: Powerful Cloud Asset IdentificationRead the Blog
Securing Serverless Functions: Visibility with Serverless RadarRead the Blog