The invention provides a container secure execution method, a device and a storage medium. The method comprises: building a main monitor and a plurality of sub-monitors based on SGX, and managing containers through the main monitor and the plurality of sub-monitors; and, in response to the first start of a container system, performing integrity measurement on a structural file of the container system, calculating an integrity measurement value of the structural file, and storing that value in the main monitor as the integrity measurement base value of the container system.

By setting a container network whitelist and limiting the ability of other containers to access running containers, the invention solves the problem that containers in the same Network Namespace can access each other, solves the problem of isolation between containers, and prevents malicious attack behaviors of untrusted containers. By verifying the integrity and legality of the code segment and the stack function return address while a container runs, it solves the problems of the code segment being tampered with at runtime and of stack function return address overflow.
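The first-start measurement step described above, as an added Python example that is not taken from the patent. It assumes the "structural file" is a directory tree, uses SHA-256 as the measurement function, models the SGX-backed main monitor with a hypothetical in-memory `MainMonitor` class, and assumes that later starts are compared against the stored base value.

```python
import hashlib
import hmac
import os
import tempfile

def measure_tree(root):
    """SHA-256 over every file and symlink under root, in sorted order."""
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for name in sorted(filenames + links):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/").encode()
            if os.path.islink(path):
                # Measure the link target itself; never follow it out of the tree.
                kind, data = b"L", os.readlink(path).encode()
            else:
                with open(path, "rb") as f:
                    kind, data = b"F", f.read()
            # Length prefixes stop bytes shifting between path and content.
            h.update(kind + len(rel).to_bytes(8, "big") + rel)
            h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()

class MainMonitor:
    """Hypothetical stand-in for the main monitor (assumption: in memory, no SGX)."""
    def __init__(self):
        self._base = {}

    def on_start(self, system_id, root):
        value = measure_tree(root)
        if system_id not in self._base:
            self._base[system_id] = value  # first start: store the base value
            return "baseline-stored"
        same = hmac.compare_digest(self._base[system_id], value)
        return "verified" if same else "mismatch"

def demo():
    """Constructed sample tree: first start, clean restart, tampered restart."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        cfg = os.path.join(root, "etc", "config.json")
        with open(cfg, "w") as f:
            f.write('{"net": "none"}')
        mon = MainMonitor()
        results = [mon.on_start("c1", root), mon.on_start("c1", root)]
        with open(cfg, "a") as f:
            f.write(" ")  # one-byte modification after the baseline was taken
        results.append(mon.on_start("c1", root))
        return results
```

In the patented design the base value lives in the SGX-based main monitor, so the dictionary here only illustrates the store-then-compare flow, not the protection of the stored value.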