Commit c5ccf67

committed
terminology
1 parent 1e357eb commit c5ccf67

1 file changed

+4
-4
lines changed

articles/container-instances/container-instances-image-security.md

Lines changed: 4 additions & 4 deletions
@@ -89,13 +89,13 @@ The concept of least privileges is a basic security best practice that also appl
8989

9090
You can also minimize the potential attack surface by removing any unused or unnecessary processes or privileges from the container runtime. Privileged containers run as root. If a malicious user or workload escapes in a privileged container, the container will then run as root on that system.
9191

92-
### Whitelist files and executables that the container is allowed to access or run
92+
### Preapprove files and executables that the container is allowed to access or run
9393

94-
Reducing the number of variables or unknowns helps you maintain a stable, reliable environment. Limiting containers so they can access or run only preapproved or whitelisted files and executables is a proven method of limiting exposure to risk.
94+
Reducing the number of variables or unknowns helps you maintain a stable, reliable environment. Limiting containers so they can access or run only preapproved or safelisted files and executables is a proven method of limiting exposure to risk.
9595

96-
It’s a lot easier to manage a whitelist when it’s implemented from the beginning. A whitelist provides a measure of control and manageability as you learn what files and executables are required for the application to function correctly.
96+
It’s a lot easier to manage a safelist when it’s implemented from the beginning. A safelist provides a measure of control and manageability as you learn what files and executables are required for the application to function correctly.
9797

98-
A whitelist not only reduces the attack surface but can also provide a baseline for anomalies and prevent the use cases of the "noisy neighbor" and container breakout scenarios.
98+
A safelist not only reduces the attack surface but can also provide a baseline for anomalies and prevent the use cases of the "noisy neighbor" and container breakout scenarios.
9999

100100
### Enforce network segmentation on running containers
101101
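
Review bot: The new heading at line 92 says "Preapprove" while the paragraphs at lines 94 to 98 introduce "safelist" and "safelisted", so the section now carries two replacement terms for one concept and "safelist" is never defined. Use one term in both heading and body, or define "safelist" where it first appears at line 94, which currently reads "preapproved or safelisted" as if these were two different things. Renaming the heading also changes the anchor generated from it, so check for inbound links to the old section anchor. Separately, line 98 keeps the phrase "prevent the use cases of the "noisy neighbor" and container breakout scenarios" unchanged; since the line is being touched anyway, "help prevent "noisy neighbor" and container breakout scenarios" would read more clearly and would not promise more than a file and executable list can deliver on its own.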
