{"id":8632,"date":"2015-12-18T20:32:33","date_gmt":"2015-12-18T17:32:33","guid":{"rendered":"http:\/\/blog.altoros.com\/?p=8632"},"modified":"2021-12-17T18:24:38","modified_gmt":"2021-12-17T15:24:38","slug":"cloud-foundry-security-do-containers-contain","status":"publish","type":"post","link":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/","title":{"rendered":"Cloud Foundry Security: Do Containers Contain?"},"content":{"rendered":"<p>New Cloud Foundry users are often worried about how secure containers are. Many ask if it is possible to leave container boundaries or, e.g., for one application to take up all CPU resources, etc. In this post, I will explain what is under the hood of CF containers to answer these questions.<\/p>\n<p>&nbsp;<br \/>\n<!--more--><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_79_2 counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#Understanding_CF_containers\" >Understanding CF containers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#How_processes_are_isolated\" >How processes are isolated<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#Can_one_app_take_all_resources\" >Can one app take all resources?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#Can_CF_containers_be_trusted\" >Can CF containers be trusted?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#Further_reading\" >Further reading<\/a><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Understanding_CF_containers\"><\/span>Understanding CF containers<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Cloud Foundry containers are basically Linux containers. Note that they are not the same as <a href=\"https:\/\/en.wikipedia.org\/wiki\/LXC\" target=\"_blank\" rel=\"noopener noreferrer\">LXC<\/a>, which were used initially, but were later replaced with another implementation (discussed below) due to their limitations. Linux containers are an <a href=\"https:\/\/en.wikipedia.org\/wiki\/Operating-system-level_virtualization\" target=\"_blank\" rel=\"noopener noreferrer\">OS-level virtualization<\/a> environment for running multiple isolated Linux systems (containers) on a single Linux control host. Containers are based on namespaces and cgroups\u2014both of which are Linux kernel features.<\/p>\n<p><center><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/12\/cloud-foundry-containers-security-altoros.png\" alt=\"cloud-foundry-containers-security-altoros\" width=\"603\" height=\"525\" class=\"aligncenter size-full wp-image-8677\" \/><\/center><\/p>\n<p>A <a href=\"https:\/\/man7.org\/linux\/man-pages\/man7\/namespaces.7.html\" target=\"_blank\" rel=\"noopener noreferrer\">namespace<\/a> wraps a global system resource in an abstraction that makes it appear to the processes within the namespace as if they had their own isolated instance of the global resource. Changes to the global resource are visible to processes that are members of the namespace, but are invisible to other processes. One of the use cases for namespaces is to implement containers.<\/p>\n<p>Cgroups (abbreviated from control groups) is a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Linux_kernel\" target=\"_blank\" rel=\"noopener noreferrer\">Linux kernel<\/a> feature that limits, accounts for, and isolates <a href=\"https:\/\/en.wikipedia.org\/wiki\/Resource_(computing)\" target=\"_blank\" rel=\"noopener noreferrer\">resource usage<\/a> (CPU, memory, disk I\/O, network, etc.) of a collection of <a href=\"https:\/\/en.wikipedia.org\/wiki\/Process_(computing)\" target=\"_blank\" rel=\"noopener noreferrer\">processes<\/a>.<\/p>\n<p>Cloud Foundry\u2019s current container implementation is called <a href=\"https:\/\/github.com\/cloudfoundry-attic\/warden\" target=\"_blank\" rel=\"noopener noreferrer\">Warden<\/a>. Warden manages isolated, ephemeral, and resource controlled environments. The project&#8217;s primary goal is to provide a simple API for managing isolated environments\u2014or containers\u2014that can be limited in terms of CPU usage, memory usage, disk usage, and network access.<\/p>\n<p>New-generation Cloud Foundry uses <a href=\"https:\/\/github.com\/cloudfoundry-attic\/garden-linux\" target=\"_blank\" rel=\"noopener noreferrer\">Garden<\/a>\u2014an implementation of Warden in Go, which features backends not only for Linux-based apps, but also for the .NET stack and Docker images.<\/p>\n<p>Read more in this post: <a href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-containers-warden-docker-and-garden\/\">Cloud Foundry Containers: Warden, Docker, and Garden<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_processes_are_isolated\"><\/span>How processes are isolated<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Warden creates isolated environments, using namespaces, which make it is possible to have multiple \u201cnested\u201d process trees\u2014each with an entirely independent set of processes. This can ensure that processes belonging to one process tree cannot inspect or kill\u2014in fact, cannot even know about the existence of\u2014processes in other sibling or parent process trees.<\/p>\n<p>Network namespaces allow each of these processes to see an entirely different set of networking interfaces. Even the loopback interface is different for each network namespace. The following diagram is an example of relations between parent and child namespaces.<\/p>\n<p><center><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/12\/cloud-foundry-security-containers-network-namespaces.png\" alt=\"cloud-foundry-security-containers-network-namespaces\" width=\"630\" height=\"498\" class=\"aligncenter size-full wp-image-8647\" \/><\/center><\/p>\n<p>Garden, the runtime of the \u201cnew-generation\u201d Cloud Foundry, goes even further and implements the Linux user namespaces, so getting privileges inside a container doesn\u2019t mean getting the same privileges on the host.<\/p>\n<p>How mature are these features? Namespaces were <a href=\"https:\/\/en.wikipedia.org\/wiki\/Cgroups\" target=\"_blank\" rel=\"noopener noreferrer\">introduced<\/a> in Linux kernel more than eight years ago and cgroups were first released in 2007. CoreOS, Docker, Hadoop, and other projects use cgroups as their basis.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Can_one_app_take_all_resources\"><\/span>Can one app take all resources?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Resource control is handled by Control Groups (cgroups). Every container is placed in its own control group, where it is limited in the amount of memory requested for the container and a proportional amount of memory. I say proportional for simplicity, the actual <a href=\"https:\/\/docs.cloudfoundry.org\/concepts\/diego\/dea-vs-diego.html\" target=\"_blank\" rel=\"noopener noreferrer\">algorithm<\/a> is smarter and a bit more sophisticated.<\/p>\n<p>Every container within CF gets a private root file system created by stacking a read-only and a read-write file system together. This is implemented with aufs on Ubuntu versions 10.04 to 11.10 and overlayfs on Ubuntu 12.04.<\/p>\n<p>The read-only file system contains the minimal set of Ubuntu packages and Warden-specific modifications common to all containers. The read-write file system stores files, overriding container-specific settings, when necessary. Because all writes are applied to the read-write file system, containers can share the same read-only base file system.<\/p>\n<p>The read-write file system is created by formatting a large sparse file. Since the size of this file is fixed, the file system that it contains cannot grow beyond this initial size. As a result, each container only gets access the allocated amount of resources, no more and no less.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Can_CF_containers_be_trusted\"><\/span>Can CF containers be trusted?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Let\u2019s sum it up. Cloud Foundry uses containers to ease deployment and management of apps and their dependencies, but the isolation that containers provide also results in increased security, because it reduces the degree to which applications can interact with each other. Containers are based on namespaces and cgroups\u2014core Linux kernel features that have been around for years and serve as the basis for many popular projects. So, we believe that you can trust CF containers as much as you can trust the Linux kernel itself.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Further_reading\"><\/span>Further reading<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/\">Cloud Foundry Security Overview<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-containers-warden-docker-and-garden\/\">Cloud Foundry Containers: Warden, Docker, and Garden<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-garden-back-ends-container-security-and-debugging-oss-cf\/\">Cloud Foundry\u2019s Garden: Back Ends, Container Security, and Debugging<\/a><\/li>\n<\/ul>\n<hr>\n<p><center><\/p>\n<p dir=\"ltr\"><small>For the next parts of this series, subscribe to our blog or follow <a href=\"https:\/\/twitter.com\/altoros\" target=\"_blank\" rel=\"noopener noreferrer\">@altoros<\/a>.<\/small><\/p>\n<table style=\"width:300px\">\n<tr>\n<td>[wysija_form id=&#8221;1&#8243;]<\/td>\n<\/tr>\n<\/table>\n<p><\/center><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New Cloud Foundry users are often worried about how secure containers are. Many ask if it is possible to leave container boundaries or, e.g., for one application to take up all CPU resources, etc. In this post, I will explain what is under the hood of CF containers to answer [&#8230;]<\/p>\n","protected":false},"author":39,"featured_media":19003,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[7],"tags":[873,206],"class_list":["post-8632","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-opinion","tag-cloud-native","tag-oss-cloud-foundry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cloud Foundry Security: Do Containers Contain? | Altoros<\/title>\n<meta name=\"description\" content=\"Learn how containers use namespaces and cgroups, why isolated processes increase security, as well as how many CPU resources a single app can consume.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cloud Foundry Security: Do Containers Contain? | Altoros\" \/>\n<meta property=\"og:description\" content=\"New Cloud Foundry users are often worried about how secure containers are. Many ask if it is possible to leave container boundaries or, e.g., for one application to take up all CPU resources, etc. In this post, I will explain what is under the hood of CF containers to answer [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/\" \/>\n<meta property=\"og:site_name\" content=\"Altoros\" \/>\n<meta property=\"article:published_time\" content=\"2015-12-18T17:32:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-17T15:24:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/12\/Cloud-Foundry-Security-Do-Containers-Contain.gif\" \/>\n\t<meta property=\"og:image:width\" content=\"455\" \/>\n\t<meta property=\"og:image:height\" content=\"360\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/gif\" \/>\n<meta name=\"author\" content=\"Aliaksandr Prysmakou\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Aliaksandr Prysmakou\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/\",\"url\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/\",\"name\":\"Cloud Foundry Security: Do Containers Contain? | Altoros\",\"isPartOf\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/12\/Cloud-Foundry-Security-Do-Containers-Contain.gif\",\"datePublished\":\"2015-12-18T17:32:33+00:00\",\"dateModified\":\"2021-12-17T15:24:38+00:00\",\"author\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/7ca769005f4d785a1f0c791313254262\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#primaryimage\",\"url\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/12\/Cloud-Foundry-Security-Do-Containers-Contain.gif\",\"contentUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/12\/Cloud-Foundry-Security-Do-Containers-Contain.gif\",\"width\":455,\"height\":360},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.altoros.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cloud Foundry Security: Do Containers Contain?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\",\"url\":\"https:\/\/www.altoros.com\/blog\/\",\"name\":\"Altoros\",\"description\":\"Insight\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.altoros.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/7ca769005f4d785a1f0c791313254262\",\"name\":\"Aliaksandr Prysmakou\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7a200d186ae9316c7d174cf2290417a7bab1f5cffb9e880f7c3b0ea5eed08898?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7a200d186ae9316c7d174cf2290417a7bab1f5cffb9e880f7c3b0ea5eed08898?s=96&d=mm&r=g\",\"caption\":\"Aliaksandr Prysmakou\"},\"description\":\"Aliaksandr Prysmakou is a Cloud Foundry DevOps Engineer at Altoros. He is an expert in cloud automation and virtualization. As a member of a joint team formed by Canonical, Pivotal, and Altoros, Alex worked on automating Cloud Foundry deployment with the Juju orchestration platform. He also contributed to extending BOSH to support new cloud providers. Previously, Alex designed templates to automate management of Microsoft solutions on the RightScale platform and provided fault tolerance for Microsoft SQL Server.\",\"url\":\"https:\/\/www.altoros.com\/blog\/author\/alex-prismakov\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cloud Foundry Security: Do Containers Contain? | Altoros","description":"Learn how containers use namespaces and cgroups, why isolated processes increase security, as well as how many CPU resources a single app can consume.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/","og_locale":"en_US","og_type":"article","og_title":"Cloud Foundry Security: Do Containers Contain? | Altoros","og_description":"New Cloud Foundry users are often worried about how secure containers are. Many ask if it is possible to leave container boundaries or, e.g., for one application to take up all CPU resources, etc. In this post, I will explain what is under the hood of CF containers to answer [...]","og_url":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/","og_site_name":"Altoros","article_published_time":"2015-12-18T17:32:33+00:00","article_modified_time":"2021-12-17T15:24:38+00:00","og_image":[{"width":455,"height":360,"url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/12\/Cloud-Foundry-Security-Do-Containers-Contain.gif","type":"image\/gif"}],"author":"Aliaksandr Prysmakou","twitter_misc":{"Written by":"Aliaksandr Prysmakou","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/","url":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/","name":"Cloud Foundry Security: Do Containers Contain? | Altoros","isPartOf":{"@id":"https:\/\/www.altoros.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#primaryimage"},"image":{"@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#primaryimage"},"thumbnailUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/12\/Cloud-Foundry-Security-Do-Containers-Contain.gif","datePublished":"2015-12-18T17:32:33+00:00","dateModified":"2021-12-17T15:24:38+00:00","author":{"@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/7ca769005f4d785a1f0c791313254262"},"breadcrumb":{"@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#primaryimage","url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/12\/Cloud-Foundry-Security-Do-Containers-Contain.gif","contentUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/12\/Cloud-Foundry-Security-Do-Containers-Contain.gif","width":455,"height":360},{"@type":"BreadcrumbList","@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.altoros.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Cloud Foundry Security: Do Containers Contain?"}]},{"@type":"WebSite","@id":"https:\/\/www.altoros.com\/blog\/#website","url":"https:\/\/www.altoros.com\/blog\/","name":"Altoros","description":"Insight","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.altoros.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/7ca769005f4d785a1f0c791313254262","name":"Aliaksandr Prysmakou","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7a200d186ae9316c7d174cf2290417a7bab1f5cffb9e880f7c3b0ea5eed08898?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7a200d186ae9316c7d174cf2290417a7bab1f5cffb9e880f7c3b0ea5eed08898?s=96&d=mm&r=g","caption":"Aliaksandr Prysmakou"},"description":"Aliaksandr Prysmakou is a Cloud Foundry DevOps Engineer at Altoros. He is an expert in cloud automation and virtualization. As a member of a joint team formed by Canonical, Pivotal, and Altoros, Alex worked on automating Cloud Foundry deployment with the Juju orchestration platform. He also contributed to extending BOSH to support new cloud providers. Previously, Alex designed templates to automate management of Microsoft solutions on the RightScale platform and provided fault tolerance for Microsoft SQL Server.","url":"https:\/\/www.altoros.com\/blog\/author\/alex-prismakov\/"}]}},"_links":{"self":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/8632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/users\/39"}],"replies":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/comments?post=8632"}],"version-history":[{"count":13,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/8632\/revisions"}],"predecessor-version":[{"id":65760,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/8632\/revisions\/65760"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media\/19003"}],"wp:attachment":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media?parent=8632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/categories?post=8632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/tags?post=8632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}