Basic built-in security features of Docker

0 votes
Can somebody explain what built-in security features Docker has?
Aug 23 in Docker by anonymous
84 views

1 answer to this question.

0 votes

Here are a few basic built-in security features that Docker provides:

  • Kernel namespaces

Namespaces define the context in which names are defined, whether they be variable names or function names. In other words, a namespace defines the scope of the names.

Each container in Docker creates a set of namespaces specific to the container. Hence, this is the first and a great method of security between containers.

  • Control Groups

Control groups facilitate resource accounting and limiting. 

Control groups don't allow a container to exhaust the host system's CPU, memory, disk I/O, etc.

They also don't allow the data and processes of a container to be accessed by another container.

  • Docker daemon attack surface

When a "docker run" command is performed, the Docker client speaks to the Docker daemon, which manages the images and containers. The Docker daemon needs root privileges.

Extra precaution must be taken so that only trusted users are given access to control the Docker daemon.

A container could even be started from the root directory on your host, and the container can alter your host filesystem without any restriction.

  • Linux Kernel Capabilities

Containers could be started with a reduced set of capabilities. 

This would mean that “root” within a container has fewer privileges than the real “root”. This, in turn, reduces the damage by an intruder with root privileges.

answered Aug 23 by Sirajul
• 35,810 points
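
The "Linux Kernel Capabilities" point can be checked from the kernel's own bookkeeping. The following is an added example, not part of the original answer: it decodes the CapEff mask from /proc/<pid>/status and compares root in a container with root on the host. The status snippets are constructed samples (the container mask is the one Docker's default capability set produces; the host mask assumes a kernel with 41 capabilities), and HIGH_RISK is an illustrative shortlist, not an official one.

```python
# Capability bit numbers 0..40, in the order of linux/capability.h.
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]

# Illustrative shortlist of capabilities that are close to full host root.
HIGH_RISK = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO",
             "NET_ADMIN", "DAC_READ_SEARCH"}

# Constructed samples of the relevant /proc/<pid>/status line.
HOST_STATUS = "Name:\tbash\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
CONTAINER_STATUS = "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\n"
# Same container mask with bit 21 (SYS_ADMIN) set, to show a weakened setup.
WEAKENED_STATUS = "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t00000000a82425fb\n"


def cap_eff(status_text):
    """Return the effective capability mask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")


def decode(mask):
    """Turn a capability bitmask into the set of capability names it grants."""
    return {name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1}


def audit(container_status, host_status):
    """Compare a container's root with the host's root."""
    held = decode(cap_eff(container_status))
    host = decode(cap_eff(host_status))
    return {"held": sorted(held),
            "dropped": sorted(host - held),
            "high_risk_held": sorted(held & HIGH_RISK)}


if __name__ == "__main__":
    for label, status in (("default", CONTAINER_STATUS), ("weakened", WEAKENED_STATUS)):
        print(label, audit(status, HOST_STATUS))
```

On a live system, pass the contents of /proc/1/status read inside the container as the first argument and the host's own /proc/self/status (read as root) as the second.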
