Forging Valeris: Building a Rust CLI to Secure Docker & Kubernetes
Track my open-source journey as I forge Valeris, a lightning-fast Rust CLI that scans Docker and (soon) Kubernetes for misconfigurations. Each bite-size post dives into design choices, Rust code, plugin architecture, and security checks, from root users and dangerous mounts to secret leaks, so you learn Rust, DevOps, and container hardening all at once.
All Articles
Both articles in this series, ordered from oldest to newest
Docker Security: Dissecting Namespaces, cgroups, and the Art of Misconfiguration
Docker isolates containers with namespaces, cgroups and OverlayFS, but misconfigurations such as running as root, --privileged, and sensitive host mounts weaken that isolation. Valeris, a Rust CLI, audits running containers, flags these risks, and provides a checklist for hardening deployments.
When Containers Lie: Escaping Root and Breaking Docker Isolation
We explore how root containers and host mounts enable privilege escalation, from SUID binaries in shared volumes to abusing /proc/<PID>/root. Then we show how Valeris detects these risky setups with YAML-based rules before they lead to full host compromise.
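As an added example that is not Valeris's own code: a reduced model of the checks both posts describe (root user, --privileged, dangerous capabilities, sensitive host mounts, and a root process with a writable bind mount where it could plant a SUID binary), run over a constructed container configuration instead of live `docker inspect` output. The struct fields, rule names and severity levels are assumptions chosen for illustration; they are not Valeris's YAML rule format.

```rust
// Added example, not Valeris project code. Models the misconfiguration
// checks the series discusses over a hand-built container config.

#[derive(Debug, Clone)]
pub struct Mount {
    pub source: String,      // host path (Source in `docker inspect`)
    pub destination: String, // path inside the container
    pub read_only: bool,
}

#[derive(Debug, Clone)]
pub struct ContainerConfig {
    pub name: String,
    pub user: String, // Config.User; "" means image default, usually root
    pub privileged: bool,
    pub cap_add: Vec<String>,
    pub mounts: Vec<Mount>,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Severity {
    High,
    Critical,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding {
    pub rule: &'static str,
    pub severity: Severity,
    pub detail: String,
}

// Host paths that hand a container a foothold on the host when bind-mounted.
const SENSITIVE_HOST_PATHS: &[&str] = &[
    "/", "/etc", "/root", "/proc", "/sys", "/dev", "/boot",
    "/var/run/docker.sock", "/run/docker.sock", "/var/lib/docker",
];

// Capabilities that routinely turn into a host escape (assumed list).
const DANGEROUS_CAPS: &[&str] = &[
    "ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "DAC_READ_SEARCH", "NET_ADMIN",
];

/// True when the User field resolves to uid 0: empty, "root", "0" or "0:gid".
pub fn runs_as_root(user: &str) -> bool {
    let uid = user.split(':').next().unwrap_or("").trim();
    uid.is_empty() || uid == "root" || uid == "0"
}

/// True when the host path is a sensitive path or lives under one.
pub fn is_sensitive_host_path(source: &str) -> bool {
    let trimmed = source.trim_end_matches('/');
    let src = if trimmed.is_empty() { "/" } else { trimmed };
    SENSITIVE_HOST_PATHS.iter().any(|p| {
        if *p == "/" {
            src == "/"
        } else {
            src == *p || src.starts_with(&format!("{}/", p))
        }
    })
}

/// Apply every rule to one container and collect the findings in rule order.
pub fn audit(cfg: &ContainerConfig) -> Vec<Finding> {
    let mut findings = Vec::new();
    let root = runs_as_root(&cfg.user);

    if cfg.privileged {
        findings.push(Finding {
            rule: "privileged",
            severity: Severity::Critical,
            detail: "--privileged grants all capabilities, exposes host devices and drops the default seccomp/AppArmor profiles".into(),
        });
    }
    if root {
        findings.push(Finding {
            rule: "root-user",
            severity: Severity::High,
            detail: format!("container process runs as uid 0 (User={:?})", cfg.user),
        });
    }
    for cap in &cfg.cap_add {
        let name = cap.trim_start_matches("CAP_").to_ascii_uppercase();
        if DANGEROUS_CAPS.contains(&name.as_str()) {
            findings.push(Finding {
                rule: "dangerous-capability",
                severity: Severity::High,
                detail: format!("cap_add {} enables kernel-level host access", name),
            });
        }
    }
    for m in &cfg.mounts {
        if is_sensitive_host_path(&m.source) {
            // Read-write access to these paths is a direct host takeover.
            let severity = if m.read_only { Severity::High } else { Severity::Critical };
            findings.push(Finding {
                rule: "sensitive-host-mount",
                severity,
                detail: format!("{} mounted at {} (read_only={})", m.source, m.destination, m.read_only),
            });
        } else if root && !m.read_only {
            // Root in the container can drop a setuid-root binary on the host path.
            findings.push(Finding {
                rule: "root-writable-bind",
                severity: Severity::High,
                detail: format!("uid 0 can write to host path {} via {}", m.source, m.destination),
            });
        }
    }
    findings
}

// Constructed input: a typical "it works on my machine" compose service.
pub fn sample_config() -> ContainerConfig {
    ContainerConfig {
        name: "web".into(),
        user: "".into(),
        privileged: false,
        cap_add: vec!["SYS_ADMIN".into()],
        mounts: vec![
            Mount { source: "/var/run/docker.sock".into(), destination: "/var/run/docker.sock".into(), read_only: false },
            Mount { source: "/srv/app".into(), destination: "/app".into(), read_only: false },
            Mount { source: "/etc".into(), destination: "/host-etc".into(), read_only: true },
        ],
    }
}

// Constructed input: the same service after hardening.
pub fn hardened_config() -> ContainerConfig {
    ContainerConfig {
        name: "web-hardened".into(),
        user: "1000:1000".into(),
        privileged: false,
        cap_add: vec![],
        mounts: vec![Mount { source: "/srv/app".into(), destination: "/app".into(), read_only: true }],
    }
}

fn main() {
    for cfg in [sample_config(), hardened_config()].iter() {
        let findings = audit(cfg);
        println!("{}: {} finding(s)", cfg.name, findings.len());
        for f in &findings {
            println!("  [{:?}] {}: {}", f.severity, f.rule, f.detail);
        }
    }
}
```

The rules are deliberately independent functions over a plain struct so that a rule file (YAML or otherwise) can map onto them without the engine knowing where the config came from; in a real scanner the struct would be filled from the Docker API rather than constructed by hand.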