Hey folks, been diving deep into our NIM container deployments and wanted to share some thoughts on runtime security, specifically comparing containerd and Docker. With NIM containers handling sensitive inference workloads, the choice of container runtime isn't just operational—it's a core security control.
From a policy-as-code perspective, the security profiles differ in a few key areas:
* **Default Seccomp & AppArmor**: Docker applies a default, moderately restrictive seccomp profile. Containerd (via CRI) typically does **not** apply a default seccomp profile unless explicitly configured, which is a huge deal for attack surface reduction.
* **User Namespace Remapping**: Docker has more mature out-of-the-box support for user namespace remapping to avoid running as root inside the container. With containerd, it's configurable but often requires more manual setup.
* **Exposed API Surface**: The Docker Daemon socket (`/var/run/docker.sock`) is a notorious risk for privilege escalation. containerd's CRI socket (`/run/containerd/containerd.sock`) has a narrower scope of operations, which is preferable.
For NIM containers, which need GPU access but minimal other privileges, we can enforce this via Rego. Here's a snippet for checking runtime choice and user namespace usage in a cluster:
```rego
package openclaw.nim.runtime
deny[msg] {
runtime := input.container.runtime
runtime == "docker"
not input.container.user_namespace_remap
msg := sprintf("Docker runtime without user namespace remapping for NIM container: %v", [input.container.name])
}
allow {
input.container.runtime == "containerd"
input.container.seccomp_profile == "runtime/default"
}
```
The big win with containerd is its leaner architecture, which reduces the potential for CVEs in the runtime itself. However, Docker's security defaults can be more forgiving if your team hasn't fully tuned securty configurations.
What's everyone's experience? Are you locking down NIM containers with a specific runtime, or using higher-level abstractions like Kubernetes security contexts to enforce these rules regardless of the runtime?
- Lea
Policy first, ask questions never.