Basic built-in security features of Docker

0 votes
Can somebody explain what built-in security features Docker has?
Aug 23, 2019 in Docker by anonymous
239 views

1 answer to this question.

0 votes

Here are a few basic built-in security features that Docker provides:

  • Kernel namespaces

Namespaces define the context in which names are defined, whether they are variable names or function names. In other words, a namespace defines the scope of the names.

Each container in Docker creates a set of namespaces specific to the container. Hence this is the first and a great method of security between containers.

  • Control Groups

Control groups facilitate resource accounting and limiting.

Control groups don't allow a container to exhaust the host system's CPU, memory, disk I/O, etc.

They also don't allow data and processes of a container to be accessed by another container.

  • Docker daemon attack surface

When a "docker run" command is performed, the Docker client speaks to the Docker daemon, which manages the images and containers. The Docker daemon needs root privileges.

Extra precaution must be taken to give access only to trusted users to control the Docker daemon.

A container could even be started from the root directory on your host, and the container can alter your host filesystem without any restriction.

  • Linux Kernel Capabilities

Containers could be started with a reduced set of capabilities. 

This would mean that “root” within a container has fewer privileges than the real “root”. This, in turn, reduces the damage by an intruder with root privileges.

answered Aug 23, 2019 by Sirajul
• 59,050 points
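
An added example, not part of the answer above: a small Python check that reads `docker inspect` JSON and flags settings that weaken each of the four features listed (shared host namespaces, missing cgroup limits, host root or daemon socket mounts, extra capabilities). The sample data and container names are constructed; the `HostConfig` field names are those emitted by `docker inspect`.

```python
import json

# Constructed sample in the shape of `docker inspect <container>` output (not from a real host).
SAMPLE = json.loads("""
[
 {"Name": "/web", "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge",
   "IpcMode": "private", "Memory": 268435456, "PidsLimit": 100,
   "CapAdd": null, "CapDrop": ["ALL"], "Binds": null}},
 {"Name": "/ci-agent", "HostConfig": {"Privileged": true, "PidMode": "host", "NetworkMode": "host",
   "IpcMode": "private", "Memory": 0, "PidsLimit": null,
   "CapAdd": ["SYS_ADMIN"], "CapDrop": null,
   "Binds": ["/:/host", "/var/run/docker.sock:/var/run/docker.sock"]}}
]
""")

def audit(container):
    """Return findings for one container, grouped by the four features in the answer."""
    hc = container.get("HostConfig", {})
    findings = []
    # Kernel namespaces: "host" mode means the container shares that namespace with the host.
    for field in ("PidMode", "NetworkMode", "IpcMode", "UTSMode"):
        if hc.get(field) == "host":
            findings.append(f"namespace: {field}=host")
    # Control groups: 0 or None means no limit was set for that resource.
    if not hc.get("Memory"):
        findings.append("cgroup: no memory limit")
    if (hc.get("PidsLimit") or 0) <= 0:
        findings.append("cgroup: no pids limit")
    # Daemon attack surface: host root or daemon socket bind-mounted into the container.
    for bind in hc.get("Binds") or []:
        src = bind.split(":")[0]
        if src == "/":
            findings.append("daemon: host root filesystem mounted")
        elif src.endswith("docker.sock"):
            findings.append("daemon: docker socket mounted")
    # Capabilities: privileged mode or added capabilities widen what container root can do.
    if hc.get("Privileged"):
        findings.append("capabilities: privileged")
    for cap in hc.get("CapAdd") or []:
        findings.append(f"capabilities: added {cap}")
    return findings

def audit_all(containers):
    """Map container name (leading slash stripped) to its list of findings."""
    return {c["Name"].lstrip("/"): audit(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

On a real host, replace `SAMPLE` with the parsed output of `docker inspect $(docker ps -q)`.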
