You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -229,7 +229,9 @@ Containerd allows people to use different container systems. This gives users of
**- Plug-ins:**
Containerd allows external plugins like AppArmor and Seccomp which can decrease the attack surface of the container management. However, this also creates separate challenges not managable directly from a Containerd implementation.
Containerd is built with a modular architecture so that other technologies can be integrated to enable new capabilities. The advantage with containerd is that these plugins can enhance the functionality of the system without needing to rebuild the containerd itself.
Popular systems include metadata, container managers, filesystem differentiators, and GRPC APIs. While this is a strength of Containerd, this modularity has been the culprit of most of its previous problems. This is mostly up to others and containerd has many times not handled these plugins correctly, leading to information being unnecessary leaked. In a way, one of its greatest strengths is its greatest security vulnerability.
