在vm上运行码头工具的优点是什么? [英] what are the advantages of running docker on a vm?
问题描述
Docker不提供内核级安全漏洞的有效隔离(只有一个环0,它共享所有容器)。因此,人们可以合理地希望通过虚拟化机制提供额外的隔离。
请记住,Docker的价值不在于安全性,而是关于容器化 - 构建和分发便携式应用程序,以确保层之间的耦合仅发生在何处以及如何意图。
Docker is an abstraction of OS (kernal) and below, VM is abstraction of Hardware. What is the point of running a Docker on an VM (like Azure) (apart from app portability)? should they not be directly hosting docker on the hardware?
Docker doesn't provide effective isolation for kernel-level security exploits (there's only one ring 0, and it's shared across all containers). Thus, one could reasonably wish to have the additional isolation provided by a virtualization mechanism.
Keep in mind that much of Docker's value is not about security, but about containerization -- building and distributing portable applications in such a way as to ensure that coupling between layers occurs only where and how intended.
这篇关于在vm上运行码头工具的优点是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!