kata-dev-irc-bot | <samuel.ortiz> @harshal.patil With MKTME, neither a process on the host, nor the hypervisor will be able to access your container/VM memory. | 05:08 |
---|---|---|
*** sjas_ has joined #kata-general | 05:09 | |
*** sjas has quit IRC | 05:11 | |
kata-dev-irc-bot | <harshal.patil> @samuel.ortiz thanks. So what are the advantages of a runtime like kata over runc in such a scenario? | 05:29 |
kata-dev-irc-bot | <xu> @harshal.patil That’s a different part of security/isolation. If an attacker escapes from his container, the attacker could see all processes of other containers, and the attacker could kill or try other attacks (such as via network) on others’ processes or host processes even if the attacker could not access their memory. | 05:39 |
kata-dev-irc-bot | <xu> Memory encryption could be useful for many cases, but could not solve all security issues by itself. | 05:40 |
kata-dev-irc-bot | <harshal.patil> @xu thanks | 05:41 |
*** jodh has joined #kata-general | 07:06 | |
*** gwhaley has joined #kata-general | 09:00 | |
*** gwhaley has quit IRC | 12:09 | |
*** gwhaley has joined #kata-general | 12:58 | |
*** gwhaley has quit IRC | 17:31 | |
*** jodh has quit IRC | 18:00 | |
*** gwhaley has joined #kata-general | 18:11 | |
*** gwhaley has quit IRC | 20:35 |