The containers still run an OS, have proprietary application code on them, and have memory that probably contains other user’s data in it. Not saying it’s likely, but containers don’t really fix much in the way of gaining privileged access to steal information.
Sure, there’s also the scratch image, which is entirely empty… So if your app is just a single statically linked binary, your entire container contents can be a single binary.
The busybox image is also more barebones than alpine, but still has a couple of basic tools.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !programmerhumor@lemmy.ml
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.
The containers still run an OS, have proprietary application code on them, and have memory that probably contains other user’s data in it. Not saying it’s likely, but containers don’t really fix much in the way of gaining privileged access to steal information.
The OS in a container is usually pretty barebones though. Great containers usually use distroless base images. https://github.com/GoogleContainerTools/distroless
Ah, so there is something even more barebones than Alpine
Sure, there’s also the scratch image, which is entirely empty… So if your app is just a single statically linked binary, your entire container contents can be a single binary.
The busybox image is also more barebones than alpine, but still has a couple of basic tools.
That’s why it’s containers… in containers
It’s like wearing 2 helmets. If 1 helmet is good, imagine the protection of 2 helmets!
What if those helmets are watermelon helmets
Then two would still be better than one 😉
So is running it on actual hardware basically rawdoggin?
Wow what an analogy lol