Hi @mzupan, thanks for the question. I recommend checking out the Bottlerocket Security Features and Security Guidance pages as good starting points. A specific feature that seems relevant is the immutable rootfs with dm-verity used by Bottlerocket. In addition to the Security Features, we also publish a CIS benchmark. Part of that benchmark calls for keeping the default values of fs.suid_dumpable and randomize_va_space of 0 and 2 respectively. These are the default values in Bottlerocket currently, and you may confirm that the via use of Please let us know if you have any more questions.
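One way to audit the two sysctl values named in the reply above, as an added example that is not part of the original reply and not Bottlerocket's own tooling. The function names and the optional ROOT argument are this example's own; `kernel.randomize_va_space` is the full sysctl name of the second key, and the expected values (0 and 2) are the ones stated in the reply.

```shell
#!/bin/sh
# Added example: compare fs.suid_dumpable and kernel.randomize_va_space
# against the expected values from the reply (0 and 2 respectively).

# check_sysctl ROOT KEY EXPECTED
# Reads KEY from a procfs-style tree under ROOT and compares it to EXPECTED.
# Returns 0 on match, 1 on mismatch, 2 if the key cannot be read.
check_sysctl() {
    root=$1 key=$2 expected=$3
    # A sysctl key maps to a path by turning dots into slashes.
    path="$root/$(printf '%s' "$key" | tr '.' '/')"
    if [ ! -r "$path" ]; then
        printf 'UNKNOWN %s (cannot read %s)\n' "$key" "$path"
        return 2
    fi
    # Strip whitespace; the kernel terminates the value with a newline.
    actual=$(tr -d ' \t\n' < "$path")
    if [ "$actual" = "$expected" ]; then
        printf 'PASS    %s = %s\n' "$key" "$actual"
        return 0
    fi
    printf 'FAIL    %s = %s (expected %s)\n' "$key" "$actual" "$expected"
    return 1
}

# audit_sysctls [ROOT]
# Checks both keys; returns non-zero if either has drifted or is unreadable.
# ROOT defaults to /proc/sys and exists so the check can be pointed at a
# constructed directory tree.
audit_sysctls() {
    root=${1:-/proc/sys}
    rc=0
    check_sysctl "$root" fs.suid_dumpable 0 || rc=1
    check_sysctl "$root" kernel.randomize_va_space 2 || rc=1
    return "$rc"
}
```

Source the file and call `audit_sysctls` with no argument wherever `/proc/sys` is readable on the node; a non-zero exit status means a value differs from the expected default.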
-
Wondering how Bottlerocket handles memory safety in containers running on it.
For example, if I have a SaaS service and am sending LLM requests, and those requests to a model are private, and somehow someone figures out a jailbreak to the model and can get it to dump memory, for example. Will Bottlerocket block that or at least add more protections around it than running a container on a standard Ubuntu node?
Thanks