suEXEC セキュリティモデルをベースにしたコンテナ起動時のバリデーションの提案 / A suEXEC-based validation in containers' startup

6DIJP,POEP(.01FQBCP *OD
84"ݚڀձ
TV&9&$ηΩϡϦςΟϞσϧΛ
ϕʔεʹͨ͠ίϯςφىಈ࣌ͷ
όϦσʔγϣϯͷఏҊ

View Slide

ΤϯδχΞ
ۙ౻Ӊஐ࿕!VE[VSB
ٕज़෦ٕज़ج൫νʔϜ

View Slide

໨࣍
લఏ
ίϯςφ؀ڥఏڙͷࡍͷηΩϡϦςΟత՝୊
લఏ
ίϯςφʹ·ͭΘΔηΩϡϦςΟػߏͷ੔ཧ
ఏҊ͢ΔόϦσʔγϣϯػߏʹ͍ͭͯ
՝୊ɾٞ࿦͍ͨ͜͠ͱ

View Slide

ίϯςφ؀ڥఏڙͷࡍͷ
ηΩϡϦςΟత՝୊

View Slide

8FCαʔϏεఏڙͰͷίϯςφͷར༻
w ಥൃతΞΫηε૿ͳͲ΁ͷରॲͷͨΊɺ8FCαʔϏεͷӡ༻ऀ͸ߴ଎͔ͭॊೈͳϦιʔ
ε੍ޚΛ͍ͨ͠ɻ
w ٸͳϦιʔε௥Ճ΁ͷରԠɺෆཁͳ࣌͸ݮΒ͢ɺͳͲɻ
w ίϯςφ͸ͦͷىಈͷߴ଎͞ͳͲͷੑ࣭͔Βɺͦͷ໨తʹ͓͋ͬͯΓීٴ͕ਐΈͭͭ
͋Δɻ
w )BDPOJXB࿦จ
Ͱ΋͜ͷલఏʹ͍ͭͯड़΂͍ͯΔ
w ࠓճ͸ͦͷதͰ΋ɺϗεςΟϯά؀ڥʹ͓͍ͯߴ଎͔ͭॊೈͳϦιʔε੍ޚΛ࣮ݱ͢
ΔͨΊʹίϯςφΛར༻͢Δʹ͋ͨΓɺηΩϡϦςΟͷ໰୊Λ੔ཧ͢Δ

IUUQTSBOEQFQBCPDPNQBQFSTJQTKODVE[VSBQEG

View Slide

ίϯςφఏڙ࣌ͷηΩϡϦςΟత՝୊
ίϯςφͷ಺෦͔ΒɺίϯςφΛϗετ͍ͯ͠Δ਌ͷ04ʹʮ୤ࠈʯ͕Ͱ
͖Δ৔߹
ίϯςφͷ಺෦͔Βɺίϯςφͷ֎෦؀ڥ͕ݟ͑ͨΓૢ࡞Ͱ͖Δ৔߹
ίϯςφͷ಺෦ʹ͍ͭͯɺαʔϏεఏڙऀ͕ҙਤ͠ͳ͍ઃఆมߋ΍ϑΝΠ
ϧͷૢ࡞͕Ͱ͖Δ৔߹
ίϯςφͷىಈ࣌ʹɺαʔϏεఏڙऀ͕ҙਤ͠ͳ͍ίϚϯυɺҾ਺ɺݖ
ݶͰͷىಈΛ͞ΕΔ৔߹

View Slide

ίϯςφͷ಺෦ˠίϯςφͷϗετ
w͍ΘΏΔʮ୤ࠈʯ
-JOVY/BNFTQBDF
DISPPU
$POUBJOFST
)PTU04

VODISPPUIUUQTHJTUHJUIVCDPN'JMP4PUUJMF
❌
❓❓
௨ৗɺίϯςφ಺෦͔Βϗετͷ৘
ใ͸ɺ-JOVY/BNFTQBDFͳͲʹΑ
Γִ཭͞ΕΞΫηεͰ͖ͳ͍
⚠੬ऑੑɺઃఆϛεɺ࢓্༷ͷൈ͚݀

ͳͲʹΑΓ֎෦ͷ৘ใʹΞΫηεͰ͖Δ
͜ͱ͕͋Δʹʮ୤ࠈʯ

View Slide

ίϯςφͷ಺෦ˠݟͤͨ͘ͳ͍֎෦
wωοτϫʔΫ্ͷଞͷϗετ΁ͷΞΫηεɺ௨৴ͷ๣ௌͳͲ
B

C
D

E

ίϯςφB
ͷ؀ڥΛ֎෦ʹఏڙ͢Δ৔߹ɺ
B
͔Βݟ͑ͯ͸͍͚ͳ͍ϛυϧ΢ΣΞD
ʹΞΫηεͰ͖Δɺ
B
͔Β؅ཧίϯςφE
ʹΞΫηεͰ͖ΔɺͳͲ
B
ͱE
͕ಉ͡WYMBOͷ৔߹ͳͲ΋ߟ͑ΒΕΔͩΖ͏
0, TFDSFU
"ENJODPOUBJOFST
$POUBJOFSTUPQSPWJEF
❌
⭕ ❌

View Slide

ίϯςφͷ಺෦Λӽݖతʹૢ࡞Ͱ͖Δ
wίϯςφ಺෦ͷಛݖΛ༩͍͑ͯͳ͍ͷʹɺϑΝΠϧΛૢ࡞Ͱ͖Δ
FUDQBTTXE
FUDTIBEPX
FUDOHJOYOHJOYDPOG
QSPDTZT
WBSSVOEPDLFS
"$POUBJOFS
ίϯςφ಺ͷ௨ৗϢʔβʔ
·ͨ͸ݖݶ੍ݶ͞ΕͨSPPU
౰વɺෆཁͳϑΝΠϧૢ࡞͸ෆՄ
⚠੬ऑੑͳͲͷར༻Ͱ
SPPUʹͳΔ
⚠ઃఆ࿙ΕͳͲͰ
ෆཁͳݖݶ͕෇͍ͯݖݶୣऔ
ૢ࡞
ૢ࡞

⚠ݖݶઃఆΛޡͬͯ
෇༩Ϛ΢ϯτ͢Δ͜ͱ΋

View Slide

ҙਤ͠ͳ͍Φϓγϣϯ౳Ͱίϯςφىಈ
wίϯςφͷىಈΛϢʔβͰίϯτϩʔϧͰ͖Δ৔߹͕͋Δ

ਖ਼ৗͳઃఆͰىಈ
ෆਖ਼ͳઃఆͰىಈɺ
ͦͷޙෆਖ਼ͳૢ࡞
ίϯςφͰ͸ͳ͍
ϛυϧͳͲΛ
ىಈͤ͞ΒΕΔ
ίϯςφىಈͷܖػ
ͱͳΔΠϕϯτ
$*αʔϏε౳
δϣϒ։࢝
'BTU$POUBJOFS
લஈͷΠϕϯτΛड͚औΔ૚
[email protected]

ίϯςφϥϯλΠϜ
⚠ෆਖ਼ͳύϥϝʔλΛ౉͞ΕΔɺͳͲ

View Slide

ίϯςφʹ·ͭΘΔ
ηΩϡϦςΟػߏͷ੔ཧ

View Slide

ίϯςφʹؔ͢ΔηΩϡϦςΟػߏ
" 6TFS/BNFTQBDF
# ,FSOFM$BQBCJMJUJFT
$ TFDDPNQ
% .BOEBUPSZ"DDFTT$POUSPM
& 4FSWJDF.FTIJOH
' 3PPUMFTT6OQSJWJMFHFEDPOUBJOFST
( )ZQFSWJTPST

View Slide

6TFS/BNFTQBDF
wϗετ໊ͳͲͷΑ͏ʹຊདྷ04άϩʔόϧʹଘࡏ͢ΔϦιʔεʹ͍ͭͯ 
04಺෦Ͱ໊લۭؒΛ࡞੒͠ɺ 
ෳ਺Λଘࡏͤ͞࢖͍෼͚Δ 
-JOVY/BNFTQBDF

wϢʔβ*%ʹ໊͍ͭͯલۭؒΛ 
࡞ΓɺϗετͷඇSPPUΛ 
ίϯςφͷ؅ཧऀʹɻ

View Slide

,FSOFM$BQBCJMJUJFT
wSPPUͷ࣋ͭಛݖΛɺ෼ׂ͠ɺҰ෦Λണୣ͋Δ͍͸෇༩Ͱ͖Δ
$"[email protected]$)08/
$"[email protected],*--
$"[email protected]:[email protected]*.&
$"[email protected]:[email protected]"%.*/
$"[email protected]/&[email protected]"8
$"[email protected]/&[email protected]#*/%@4&37*$&

5SBEJUJPOBM
SPPU
$BQBCJMJUJFT
-JNJUFE
SPPU
VTSMPDBMCJOTFSWFSGPP
Ұ෦ૢ࡞͕Ͱ͖ͳ͍ 
SPPU
FH࣌ؒૢ࡞͕Ͱ͖
ͳ͍ɺLJMMͰ͖ͳ͍
ҰൠϢʔβ͕ىಈͯ͠΋
ಛݖϙʔτΛϦοεϯͰ͖ΔɺͳͲ
Ұ෦Λണୣ
Ұ෦Λ
ϑΝΠϧʹ෇༩

View Slide

TFDDPNQ.BOEBUPSZ"DDFTT$POUSPM
wϢʔβͷࠓͷݖݶʹ͔͔ΘΒͣɺҰ෦ૢ࡞Λ੍ݶɾ؂ࠪ͢Δ
wTFDDPNQͰ͋Ε͹γεςϜίʔϧɺ."$Ͱ͋Ε͹ϑΝΠϧΞΫηεͳͲ
SPPU
TFDDPNQͷίϯςΫετ
"QQ"SNPSͷϓϩϑΝΠϧ
SPPUͷ࡞੒ͨ͠ϓϩηε
SPPUͷ࡞੒ͨ͠ϓϩηε
,FSOFM04
γεςϜίʔϧݺग़
ϑΝΠϧΞΫηεɺ
ιέοτར༻ͳͲ
❌
❌
⭕
⭕

View Slide

4FSWJDF.FTIJOH
wίϯςφಉ࢜ͷ૬ޓͷωοτϫʔΫɺૄ௨ΛɺίʔυͳͲʹΑΓίϯτϩʔϧ
͢Δ͜ͱΛ4FSWJDF.FTIͱݺͼɺίϯςφͷจ຺Ͱ࢖ΘΕΔ
/PEF1PPMෳ਺ͷ෺ཧϗετΛ୯Ұͷϓʔϧͱͯ͠ѻͬͨ΋ͷ
4FSWJDF.FTI $POUSPM1MBOF
ίϯςφಉ࢜ͷૄ௨ͷڐՄېࢭ
FHηΩϡϦςΟάϧʔϓ

ίϯςφؒͷ௨৴ͷ؂ࠪ
௨৴ܦ࿏ͷ҉߸Խ 5-4ଞ

❌
⭕

✈

View Slide

3PPUMFTT6OQSJWJMFHFEDPOUBJOFST
w
όΠφϦࣗମΛTFUVTFSJESPPU͢Δ
w
-9$ํࣜͷඇಛݖίϯςφʢ6TFS/BNFTQBDFΛར༻ʣ
w
/55ਢాࢯʹΑΔ3PPUMFTTSVOD΄͔ʢػೳ੍ݶ͋Γʣ
w ϝϦοτɾσϝϦοτ·ͱΊ
όΠφϦͷTFUVJESPPU
όΠφϦͷݖݶ͕େ͖͘ɺ
͞ΒͳΔ੍ޚΛ͢ΔͨΊͷରԠ͕ඞཁ
-9$ํࣜͷඇಛݖίϯςφ
Ұ෦όΠφϦΛTFUVJESPPU͢ΔͷͰ
ίϯςφͷػೳͷมԽͰ௥ՃͳͲରԠ͕ඞཁ
3PPUMFTTSVOD
ωοτϫʔΫ͕UBQͷΈͳͲ
ػೳʹ੍ݶ͕͋Δ

View Slide

)ZQFSWJTPS౳ͷར༻ʢ༧ߘͰ͸ະݴٴʣ
wίϯςφٕज़ͷηΩϡϦςΟػߏͷଟ͘͸04ͷதͰด͍ͯ͡Δ͕ɺ 
ܰྔͳϋΠύʔόΠβͳͲΛར༻͠ɺͦͷൣғΛ௒͑ͨαϯυϘοΫ
εԽΛ࣮ݱ͢Δٕज़͕ݱΕ͍ͯΔ
wH7JTPS
ͷ3&"%.&ΑΓ

IUUQTDMPVEQMBUGPSNHPPHMFCMPHDPN0QFOTPVSDJOHH7JTPSBTBOECPYFEDPOUBJOFSSVOUJNFIUNM

View Slide

Ґஔ෇͚Δ
w՝୊͸ΧʔωϧίϯςφϥϯλΠϜͰखް͘Χόʔ
w՝୊͸4FSWJDF.FTIͷਐԽͰ
w՝୊͸ඇಛݖίϯςφ͕ 
༗ޮ͔

View Slide

՝୊΁ͷରԠ
ػೳ໊ ରԠՄೳͳ՝୊
6TFS/BNFTQBDF

,FSOFM$BQBCJMJUJFT
TFDDPNQ
.BOEBUPSZ"DDFTT$POUSPM

4FSWJDF.FTI
ඇಛݖίϯςφ
ϋΠύʔόΠβͷར༻

View Slide

՝୊΁ͷରԠ͸ݶఆత
ػೳ໊ ରԠՄೳͳ՝୊
6TFS/BNFTQBDF

,FSOFM$BQBCJMJUJFT
TFDDPNQ
.BOEBUPSZ"DDFTT$POUSPM

4FSWJDF.FTI
ඇಛݖίϯςφ
ϋΠύʔόΠβͷར༻

View Slide

ఏҊ͢Δ
όϦσʔγϣϯػߏʹ͍ͭͯ

View Slide

ఏҊ͢Δख๏
wTV&9&$ηΩϡϦςΟϞσϧ
ϕʔεͷݕࠪಋೖ
wTV&9&$ηΩϡϦςΟϞσϧ
"QBDIF)551αʔό͕$(*͋Δ͍͸44*Λ࣮ߦ͢Δࡍʹɺ"QBDIF
ࣗମͷϢʔβ*%ͱ͸ҟͳΔϢʔβ*%Ͱ࣮ߦ͢Δࡍʹߟྀ͍ͯ͠Δ
Ϟσϧ
w ՝୊΁ͷ͞ΒͳΔରԠʹओ؟Λஔ͘

IUUQTIUUQEBQBDIFPSHEPDTKBTVFYFDIUNM

View Slide

TV&9&$ηΩϡϦςΟϞσϧͱ͸
w·ͣɺTV&9&$ʹ͍ͭͯ
"QBDIF
VTFSBQBDIF $(*QSPDFTT
VTFSVTFS
$(*QSPDFTT
VTFSVTFS
TVFYFDίϚϯυ
IPTUGPPFYBNQMFKQ
IPTUCBSFYBNQMFKQ
7JSUVBM)PTU
͝ͱͷઃఆ
$(*ͳͲͷ࣮ߦ
͓ޓ͍ʹݖݶ෼཭
γεςϜྖҬ΋ݟ͑ͳ͍
"QBDIFͷઃఆ౳

View Slide

TV&9&$ηΩϡϦςΟϞσϧ͕ඞཁͳཧ༝
wTFUVTFSJESPPU͞ΕͨόΠφϦΛܦ༝࣮ͯ͠ݱ͍ͯ͠ΔͨΊ
"QBDIF
VTFSBQBDIF $(*QSPDFTT
VTFSVTFS
$(*QSPDFTT
VTFSVTFS
TVFYFDίϚϯυ
IPTUGPPFYBNQMFKQ
IPTUCBSFYBNQMFKQ
TFUVJE
ͳͲΛ࣮ߦ͢ΔͨΊɺ
TVFYFDίϚϯυ͸TFUVTFSJESPPU
͞ΕͨόΠφϦͱͳ͍ͬͯΔɻ
ඞཁҎ্ͷૢ࡞͕Ͱ͖ͳ͍Α͏ͳ
Կ͔͠Βରࡦ͕ඞਢ
"QBDIFͷઃఆ౳

View Slide

ίϯςφΠϕϯτΛड͚औΔલஈαʔϏε
wίϯςφʹ͸ɺىಈΠϕϯτΛड͚औΔલஈαʔϏε͕͋Δ
w'BTU$POUBJOFSͷ[email protected]ɺSVODʹର͢ΔDPOUBJOFSEɺͳͲ
/HJOY͸Πϯλʔωοτʹެ։͞ΕΔ
ݖݶ΁ͷߟྀ͕ඞཁ
ͨͩ͠ɺݖݶ੍ޚ͸ೝূͳͲͰߦ͑Δ

View Slide

ίϯςφͷલஈϓϩάϥϜͱൺֱ͢Δ
wલஈΛ[email protected]ͱͨ͠'BTU$POUBJOFSΞʔΩςΫνϟ
[email protected]
VTFSOHJOY
ίϯςφ
VTFSVTFS
ίϯςφ
VTFSVTFS
IBDPOJXBίϚϯυ
IPTUGPPFYBNQMFKQ
IPTUCBSFYBNQMFKQ
ίϯςφϛυϧઃఆ౳
)PTUϔομͳͲ͔Β
ίϯςφͷ৘ใΛ࡞੒
TFUVJESPPU
͍ͨ͠ͷͰ
ରԠ͕ඞཁ
6TFS/BNFTQBDFʹΑΓ
ίϯςφ಺Ͱ͸SPPU
ݖݶ෼཭
ݖݶ෼཭

View Slide

TV&9&$ηΩϡϦςΟϞσϧͷৄࡉ
wಛ௃ͱͯ͠͸
ඞཁҎ্ͷݖݶɾࢀরΛ༩͑ͳ͍
6/*9Ϣʔβϕʔε
ن໿ʹΑΔ୲อ
ෆਖ਼ͳ*%ͳͲ͸ݫ͘͠ݕࠪ

View Slide

ίϯςφͷىಈϓϩηεʹରԠ͢Δ
TV&9&$ͷ༻ޠ ίϯςφͰͷରԠ
XSBQQFS ίϯςφϥϯλΠϜ
XSBQQFSͷ࣮ߦϢʔβ ίϯςφϥϯλΠϜͷલஈαʔϏε
ର৅ͷ$(*౳
ίϯςφͷ1*%ϓϩηε
ʢJOJUͱݺͿʣ
ର৅ͱͳΔϢʔβ*% ίϯςφͷJOJU࣮ߦϢʔβ
υΩϡϝϯτσΟϨΫτϦ SPPUT

View Slide

ݩͷ෼ྨΛύλʔϯʹ੔ཧ
wόϦσʔγϣϯͱͯ͠બ୒తʹॲཧ͢΂͖΋ͷ
ઃఆͱόΠφϦͷΦ΢φʔҰகɺSPPUGTͷҐஔɺJOJUΛ࣮ߦ͢ΔϢʔβ*%ʹؔ
͢Δ੍ݶɺ؀ڥม਺ͷݕࠪͳͲΛߦ͏ʢϧʔϧʣ
wΤϥʔͱͯ͠ॲཧ͢΂͖΋ͷ
*%ͷଘࡏ֬ೝͳͲக໋తͳ΋ͷ͸ඞͣݕࠪ͢Δʢϧʔϧʣ
wίϯςφͷӡ༻ͷੑ্࣭ɺ࣮૷͢΂͖͔Ͳ͏͔ݕ౼͕ඞཁͳ΋ͷ
ίϯςφͷػೳͱ୯७ͳରԠؔ܎ʹͳ͍ɾ୯७ରԠΛ͢Δͱӡ༻ͷ໰୊͕ى
͖ͦ͏ͳ΋ͷ͸ࠓճอཹ͢Δʢϧʔϧʣ

View Slide

࣮૷ͷৄࡉͳํ਑ͳͲิҨ
wʮΤϥʔͱͯ͠ॲཧ͢΂͖΋ͷʯͱͨ͠ϧʔϧ͸ద੾ͳΤϥʔϝο
ηʔδΛग़͢Α͏ʹ͢Δ
wબ୒తʹॲཧ͢΂͖΋ͷʹ͍ͭͯ͸ɺϏϧυ࣌ΦϓγϣϯͰͲͷݕࠪ
Λ࣮ࢪ͢Δ͔ΛࢦఆՄೳͱ͢ΔɻΦϓγϣϯ͕ଟ͍΄ͲηΩϡΞ͕ͩ
࡞੒Ͱ͖Δίϯςφʹ੍ݶ͕͋Δɻগͳ͍ͱٯͷੑ࣭ͱͳΔɻ
wϏϧυ࣌Φϓγϣϯʹͨ͠ͷ͸ɺ֎෦ͷઃఆͰ͸ڍಈΛม͑ͳ͍όΠ
φϦࣗମͷΦϓγϣϯͱ͠ɺ߈ܸͷػձΛݮΒ͢ͱ͍͏ҙਤ

View Slide

۩ମత࣮૷
wචऀͷ։ൃ͢ΔίϯςφϥϯλΠϜ)BDPOJXBͰॱ࣮࣍૷͢Δ༧ఆ
wʮίϯςφϥϯλΠϜͷઃఆϑΝΠϧͱɺίϯςφϥϯλΠϜࣗ਎ͷ
Φ΢φʔ͕Ұக͢Δ͔ʯͷݕࠪΛ࣮૷ࡁ
w)BDPOJXB͸NSVCZͷϏϧυ%4- 
ʢ3VCZ%4-ʣΛར༻Ͱ͖ 
ॊೈʹϏϧυΦϓγϣϯઃఆՄೳ

View Slide

·ͱΊ
wίϯςφΛར༻ͨ͠ϗεςΟϯά؀ڥͷఏڙʹ͓͍ͯɺ͍͔ͭ͘ߟྀ͢΂͖
ηΩϡϦςΟత՝୊͕͋Δɻ
wͦͷ͏ͪɺʮఏڙ͢Δίϯςφࣗମͷىಈ࣌ͷηΩϡϦςΟʯʹؔͯ͠͸ɺ
ඇಛݖίϯςφ͕༗ޮͰ͋Δ͕ɺͦͷޮՌΛTV&9&$ͷηΩϡϦςΟϞσ
ϧΛϕʔεͱͨ͠όϦσʔγϣϯ͕ΑΓߴΊΔͷͰ͸ͳ͍͔
wҰൠͷ8FCαʔόͷϓϩηεىಈͱίϯςφͷىಈͷҧ͍ʹଈͨ͠ରԠ෇
͚Λ࣮ͯ͠૷ΛਐΊ͍ͨ

View Slide

՝୊ɾٞ࿦͍ͨ͠఺

View Slide

՝୊
w۩ମత࣮૷΁ͷམͱ͠ࠐΈ
͜Ε͸ॱ࣍࡞͍ͬͯ͘͹͔ΓͰ͋Δ
wʮ࣮૷͢΂͖͔Ͳ͏͔ݕ౼͕ඞཁͳ΋ͷʯͷݕ౼
ͦ΋ͦ΋࣮૷͠ͳ͍͍ͯ͘ͷ͔ɺक͍ͬͯΔ΋ͷͷΤοηϯε͸Կ͔
wಋೖޙͷ໰୊఺ɺ༗ޮੑͷݕূ
ύϑΥʔϚϯεɺ࣮ࡍʹ߈ܸΛ๷͛Δ͔ɺӡ༻ཁ݅Λຬ͔ͨ͢FUD

View Slide

ٞ࿦͍ͨ͠ͱ͜Ζ
TV&9&$ϞσϧΛώϯτʹͨ͜͠ΕΒͷݕࠪ͸ຊ౰ʹηΩϡΞʹͳΔͷ͔ʁ
" ίϯςφͷىಈͱҰൠͷ8FCαʔόͷϓϩηεىಈΛൺֱ͍ͯ͠Δ͕ɺ
ଥ౰ͳͷ͔Ͳ͏͔
# 'BTU$POUBJOFSͷΑ͏ͳ৔߹ͷΈͳͷ͔ɺҰൠʹ༗ޮͳͷ͔
Ұ෦ɺݩͷϞσϧͰͦͷ··ద༻Ͱ͖ͳͦ͏ͳ΋ͷ͕͋Δͱ࿦͕ͨ͡ɺ 
ͦΕΒͷѻ͍ΛͲ͏͢Δͱྑ͍͔ʁ
ӡ༻ʹ৐ͤͨࡍͷޮՌଌఆʹ͸ͲͷΑ͏ͳํ๏͕ߟ͑ΒΕΔ͔ʁ

View Slide

ࢀߟࢿྉͳͲ
w༧ߘIUUQTHJUIVCDPNVE[VSBXTBTHOEESBGUUSFFNBTUFSESBGUSFBENF

wࢀߟจݙͷ͏ͪɺεϥΠυͰϦϯΫΛࣔ͞ͳ͔ͬͨ΋ͷʢ࿦จ౳ʣ
w ۙ౻͏͓ͪଞ )BDPOJXBϓϩάϥϜʹΑΔɺ૊ΈཱͯՄೳੑͱ֦ுੑΛ࣋ͭ-JOVYίϯςφ ৘ใॲཧֶձୈճ
શࠃେձߨԋ࿦จू
w দຊ྄հଞ 'BTU$POUBJOFS8FCΞϓϦέʔγϣϯίϯςφͷঢ়ଶΛϦΞΫςΟϒʹܾఆ͢Δίϯςφ؅ཧΞʔΩς
Ϋνϟ ୈճΠϯλʔωοτͱӡ༻ٕज़ݚڀձ
w দຊ྄հଞ 8FCαʔόͷߴूੵϚϧνςφϯτΞʔΩςΫνϟͱӡ༻ٕज़ ిࢠ৘ใ௨৴ֶձ࿦จࢽ#ͷ7PMVNF
+#/P
wλΠτϧը૾͸QJYBCBZDPNΑΓɺQVCMJDEPNBJOͷ΋ͷΛར༻ͨ͠

View Slide

suEXEC セキュリティモデルをベースにしたコンテナ起動時のバリデーションの提案 / A suEXEC-based validation in containers' startup

suEXEC セキュリティモデルをベースにしたコンテナ起動時のバリデーションの提案 / A suEXEC-based validation in containers' startup

KONDO Uchio

More Decks by KONDO Uchio

Other Decks in Technology

Featured

Transcript