Cloud Native Apps and Security: The Case for CoreOS Rkt and Xen

Three Perspectives on the Evolution of Container Security
June 9, 2017
Transparent Authorization for Linux Services
September 19, 2017

CoreOS’s rkt started at the beginning of 2014 as a security-focused alternative to Docker. The project aimed to create a signature verification of cloud-native apps by default; the intention was to guarantee the integrity of the apps. It also stepped away from the central-daemon design of Docker, which requires root privileges for all operations. By contrast, the rkt process is short-lived, limiting the chances of being exploited, and some of rkt commands can be executed as unprivileged user.

Amir Sharif
Amir Sharif
Amir Sharif is an Aporeto founder and focuses on products.