hardening

How do I prevent root access to my docker container

喜你入骨 submitted on 2020-07-03 04:44:48
Question: I am working on hardening our docker images, which I already have a bit of a weak understanding of. With that being said, the current step I am on is preventing the user from running the container as root. To me, that says "when a user runs 'docker exec -it my-container bash', he shall be an unprivileged user" (correct me if I'm wrong). When I start up my container via docker-compose, the start script that is run needs to be as root since it deals with importing certs and mounted files

Hardened runtime for Java and Mojave

孤街醉人 submitted on 2019-12-01 07:07:53
I currently distribute a Java application, packaged and signed using pkgbuild on macOS. Recently, Apple warns developers: "In an upcoming release of macOS, Gatekeeper will require Developer ID–signed software to be notarized by Apple." Upon reading the notarizing docs, Apple warns developers: "You must enable hardened runtime for your app to be notarized by Apple." Which goes into some details about how to toggle these settings on within Xcode. But what about apps not developed with Xcode? Xamarin/Mono have some back and forth about how they're tackling this but the commits so far seem to