At Twistlock, it is very important to us to be a part of the community and, when possible, contribute the source code to various open source projects. One of the projects we contributed to the most is the Docker application container engine. One of our main contributions to the Docker engine is the authorization plugins we developed, which were introduced in Docker 1.10. Authorization plugins enable approving or denying management requests to the Docker daemon based on both the current authentication context and the command context. The authentication context contains all user details and the authentication method. The command context contains all the relevant request data.
OpenShift is Red Hat’s Platform-as-a-Service (PaaS) that allows developers to quickly develop, host, and scale applications in a cloud environment. With OpenShift you have a choice of offerings, including online, on-premise, and open source project options. We have many customers using OpenShift and have various integration points with the product itself. Recently we were very happy to learn that OpenShift security uses Docker authorization plugins as part of their default OpenShift deployment. The reason for using those is on order to detect and avoid any RHEL based images to be pushed to the default docker.io registry. This helps to prevent users from violating Red Hat’s subscription agreement. According to Dan Walsh, Container Development Lead Engineer at Red Hat: “The introduction of the authorization plugin infrastructure allows us to customize the docker experience without us having to patch the code. This is the first step in getting fine grained access control over users interacting with container runtimes.”
You can read more about Red Hat’s plugin, including downloading the source code, here.
Consequently, we are proud to say that if you run OpenShift security you run code contributed by Twistlock! It is a delight to realize we helped the two products to work better together and we look forward to many more contribution and joint work with both Red Hat and Docker.
Follow us on Twitter
Keep up to date with the latest news from TwistlockLabs and TwistlockTeam.
Cryptomining Malware Emerges
I have been watching for the spread of malware that, primarily, uses c...
Calling the Twistlock API from PowerShell
The Problem This morning, a colleague was looking for situations where...
What Makes Distributed Security ‘Cloud Native’: Podcast Overview
I caught up with Scott Fulton III on this edition of The New Stack Mak...
Reflections on the 20th Anniversary of Open Source Technology
Exactly twenty years ago in February 1998, the term “open source” ...
Enhanced Syslog Data Streams: 2.3 Deep Dive
In each of our Twistlock releases, we publish some truly remarkable fe...