Processing untrusted content + motivated attackers means that the JVM +
Docker may not be sufficient to prevent moving laterally from a compromised
container or taking data out of the container. There are of course
measures to do network-level isolation of the container if that happens,
but some extra security cannot hurt. Seccomp could at least remove some of
the means by which an attacker can execute code that moves laterally. gVisor
as well, for kernel exploits.

On Wed, Jun 2, 2021 at 5:18 PM Tim Allison <[email protected]> wrote:

> Interesting.  I haven't done this personally.  What are your
> goals/fears?  How is Docker not enough to, erm, contain Tika?
>
> On Wed, Jun 2, 2021 at 11:04 AM Cristian Zamfir <[email protected]>
> wrote:
> >
> > Hi,
> >
> > I was looking at options to sandbox Tika (running in Docker).
> >
> > One option is seccomp, but I suspect that many syscalls are being used by
> > the JVM so it will not be very useful.
> >
> > Another option is gVisor https://gvisor.dev/docs
> >
> > Did anyone try any of these, do you have experience with them?
> >
> > Thanks,
> > Cristi
>

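The approach sketched in the reply above (a seccomp profile that strips the JVM's syscall set down to what it actually uses, plus gVisor underneath for the kernel attack surface) as an added, runnable example. This is not code from the thread or from Apache Tika. It builds a Docker seccomp allowlist from an `strace -f` of the JVM, removes a hand-picked set of escape/lateral-movement syscalls, and prints the `docker run` line that combines the profile with `runsc`. The deny list, the x86-64-only architecture list, the `apache/tika` image name and the embedded strace sample are all assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread or from Apache Tika: derive a Docker
# seccomp allowlist for a Tika container from an strace of the JVM, strip the
# syscalls an attacker would want for lateral movement or escape, and show the
# docker run line that combines the profile with gVisor (runsc).
set -euo pipefail

# Syscalls to deny even if the trace shows them: the JVM has no business calling
# these, and they are what an attacker reaches for to escape or move laterally.
# This list is an illustrative assumption, not a vetted policy.
DENY_ALWAYS="ptrace process_vm_readv process_vm_writev mount umount2 pivot_root"
DENY_ALWAYS="$DENY_ALWAYS unshare setns keyctl add_key request_key bpf perf_event_open"
DENY_ALWAYS="$DENY_ALWAYS userfaultfd init_module finit_module delete_module kexec_load open_by_handle_at"

# Constructed sample of `strace -f` output (not a real Tika trace): pid, syscall,
# args, result. Signal, exit and "resumed" lines are included because a real
# trace has them and the parser must skip them.
write_sample_trace() {
  cat >"$1" <<'EOF'
1234  execve("/usr/bin/java", ["java", "-jar", "tika-server.jar"], 0x7ffd3c1e /* 20 vars */) = 0
1234  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
1234  mmap(NULL, 8192, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f1a2b000000
1235  futex(0x7f1a2b0010c0, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
1236  read(5, "PK\3\4\24\0\10\10\10\0", 4096) = 4096
1236  write(1, "INFO Started Apache Tika server\n", 32) = 32
1234  accept4(7, {sa_family=AF_INET, sin_port=htons(40522)}, [16], SOCK_CLOEXEC) = 9
1234  clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES, exit_signal=0}, 88) = 1237
1237  ptrace(PTRACE_TRACEME) = -1 EPERM (Operation not permitted)
1235  <... futex resumed>) = 0
1234  --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1237} ---
1237  +++ exited with 0 +++
EOF
}

# One syscall name per line, deduplicated: keep only lines of the form
# "<pid>  name(...)" and drop "--- SIGxxx", "+++ exited" and "<... resumed>" lines.
syscalls_from_strace() {
  sed -n 's/^\([0-9]* *\)\{0,1\}\([a-z_0-9]*\)(.*/\2/p' "$1" | LC_ALL=C sort -u
}

# Filter a newline-separated name list on stdin against DENY_ALWAYS.
apply_deny() {
  local name
  while IFS= read -r name; do
    case " $DENY_ALWAYS " in
      *" $name "*) ;;                 # on the deny list: drop it
      *) printf '%s\n' "$name" ;;
    esac
  done
}

# Emit a Docker seccomp profile: every syscall fails with EPERM except the names
# read from stdin. Architectures are fixed to x86-64 here (an assumption).
gen_profile() {
  local first=1 name
  printf '{\n  "defaultAction": "SCMP_ACT_ERRNO",\n'
  printf '  "architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_X86"],\n'
  printf '  "syscalls": [\n    {\n      "names": ['
  while IFS= read -r name; do
    [ "$first" = 1 ] || printf ','
    printf '\n        "%s"' "$name"
    first=0
  done
  printf '\n      ],\n      "action": "SCMP_ACT_ALLOW"\n    }\n  ]\n}\n'
}

# The run line that stacks the layers: gVisor (runsc) for the kernel attack
# surface, the seccomp profile for what the JVM may ask for, no capabilities,
# a read-only rootfs with a tmpfs for Tika's temp files. Image name and the
# /tmp assumption are illustrative.
tika_run_cmd() {
  printf '%s' "docker run --rm --runtime=runsc --security-opt seccomp=$1 --security-opt no-new-privileges --cap-drop ALL --read-only --tmpfs /tmp apache/tika"
}

# Stand-alone run: sample trace -> allowlist -> profile file -> run line.
# For a real build replace write_sample_trace with something like
#   strace -f -o "$TRACE" java -jar tika-server.jar ...
# and drive representative documents through the server while it is traced.
TRACE=$(mktemp)
PROFILE=$(mktemp)
write_sample_trace "$TRACE"
syscalls_from_strace "$TRACE" | apply_deny | gen_profile >"$PROFILE"
echo "wrote $PROFILE with $(grep -c '^        "' "$PROFILE") allowed syscalls"
tika_run_cmd "$PROFILE"
echo
rm -f "$TRACE"
```

Two practical caveats. A trace only covers the code paths that ran, and most of Tika's syscall variety is in the parsers, so feed a representative document corpus through the server while tracing, then do a first deployment with `"defaultAction": "SCMP_ACT_LOG"` and watch the audit log for misses before switching to `SCMP_ACT_ERRNO`. Docker's default profile is already an allowlist of a few hundred syscalls, so the gain for a JVM is in trimming that set further and in denying the handful above outright. Seccomp and gVisor are independent layers; gVisor's own syscall implementation shrinks what the host kernel is exposed to, and whether `runsc` also applies the OCI seccomp profile inside the sandbox is something to confirm against the gVisor docs for the version you run rather than assume.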