ruk·si

🐋 Docker
Security

Updated at 2017-07-09 10:59

There are three major parts in Docker security:

  • Image security: receiving the right image from the right registry.
  • Host security: securing access to the Docker daemon on the host.
  • Runtime security: running containers should only have minimal privileges.

Common vulnerability and exposure (CVE) image scanning is bundled with Docker EE. This might be one reason you could consider using Docker EE. But don't fully rely on CVE checks for security, it only the first step.

Avoid containers running in privileged mode. Being privileged removes all cgroup restrictions.

Sources

  • Linux Magazine, June 2017