AWS has announced the general availability of Bottlerocket, a Linux-based open source operating system designed and optimized specifically for use as a container host.
Bottlerocket is designed to improve security and operations of your containerized infrastructure. Its built-in security hardening helps simplify security compliance, and its transactional update mechanism enables the use of container orchestrators to automate OS updates and decrease operational costs.
To increase the isolation between containers and the host operating system, Bottlerocket uses Security-Enhanced Linux (SELinux) in enforcing mode. This is in addition to the standard Linux kernel technologies used to implement isolation between containerized workloads.
Bottlerocket also uses a Linux kernel feature, the device-mapper verity target (dm-verity), for integrity checking, which helps prevent attackers from persisting threats on the OS.
Bottlerocket is developed as an open source project on GitHub with a public roadmap.
AWS product manager Samartha Chandrashekar said in a blog post that the cloud giant is looking forward to building a community around Bottlerocket on GitHub.
“We welcome contributions. Going over existing issues is a great way to get started contributing,” quipped Chandrashekar.