How to encrypt the upper layer of overlayfs? #9148
Unanswered
schlichtanders
asked this question in
Q&A
Replies: 2 comments 1 reply
-
@mxpv maybe you can clarify my doubts? |
Beta Was this translation helpful? Give feedback.
0 replies
-
Sounds like a good case to use microVMs? Have you looked at Kata containers / firecracker-containerd projects? |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi there,
I am asking myself how to secure a containerd where different containers run which cannot trust each other.
It seems to be, the default containerd overlayfs will write files to the shared underlying blockstorage.
If now the other untrusted container runs, couldn't it demand to read certain blocks from the writable upper layer?
If so, how can I ensure that the upper layer is encrypted with a container-specific key, so that no sensible information is leaked to another container.
Any help is highly appreciated.
Beta Was this translation helpful? Give feedback.
All reactions