How can online compilation environment ensure server-side security? Can docker container development enhance security?

  linux, question

Develop online compilation environment such as www.codepad.org or domestic online programming learning websiteshttp://www.shucunwang.com/Run …

How does this type of website ensure the security of the back end and that the back end is not attacked by malicious code?
Can Docker Development Provide Corresponding Security

Thank you for your advice

Can Container Development Enhance Safety

A: It can enhance security.
First, we need to know about Docker’s security mechanism. Mainly includes several aspects:

  • File system:
    By means of read-only files and copy-on-write methods, containers are prevented from affecting other containers or hosts by modifying files.

  • Namespace:
    This is mainly for cities. Processes in the same namespace can see each other, while processes outside the namespace are invisible and cannot be affected naturally.

  • Resource Limit: Through cgroups mechanism provided by Linux kernel, control the amount of resources that the container can use, such as CPU, content, reading and writing, etc.

In addition, mechanisms such as SELinux and Capability are also included.

Compare the architecture diagram of virtual machine and Docker:

Since the system kernel is shared, the security is still lower than that of virtual machines. Of course, neither docker nor virtual machines can guarantee 100% security.