Chapter 9. Docker Security

In this chapter, we will cover the following recipes:

  • Setting Mandatory Access Control (MAC) with SELinux
  • Allowing writes to volume mounted from the host with SELinux ON
  • Removing capabilities to break down the power of a root user inside the container
  • Sharing namespaces between the host and the container

Introduction

Docker containers are not sandboxes, so it is not recommended to run arbitrary, untrusted applications as root inside a container. Treat a service or process running in a container exactly as you would treat the same service or process running directly on the host, and apply inside the container every security measure you would apply on the host.
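A practical way to see why "root in a container" must be treated like root on the host is to look at what capabilities that root actually holds. The script below is an added example and is not code from the book; it decodes the CapEff/CapBnd bitmask that `/proc/<pid>/status` shows (run `grep Cap /proc/1/status` inside a container) into capability names, so you can verify the effect of `--cap-drop` / `--cap-add` before trusting it. The bit-to-name table is taken from linux/capability.h (bits 0 to 40 as of recent kernels), and the sample masks are constructed for this example: the value used for Docker's default set is the one a plain `docker run` produced on the Docker versions I am assuming here, not something stated on this page.

```shell
#!/bin/sh
# Decode a Linux capability bitmask (CapEff, CapBnd, ... in /proc/<pid>/status)
# into capability names. Lets you check what "root" inside a container can do.

# Bit number -> capability name, from linux/capability.h (bit 0 is the first word).
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid \
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock \
ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot \
sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control \
setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon \
bpf checkpoint_restore"

# decode_caps HEXMASK -> space-separated capability names in ascending bit order
decode_caps() {
    mask=$(( 0x$1 ))
    bit=0
    out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            out="${out:+$out }$name"
        fi
        bit=$(( bit + 1 ))
    done
    printf '%s\n' "$out"
}

# has_cap HEXMASK NAME -> exit status 0 if NAME is present in the mask
has_cap() {
    for n in $(decode_caps "$1"); do
        [ "$n" = "$2" ] && return 0
    done
    return 1
}

# cap_count HEXMASK -> number of capabilities set in the mask
cap_count() {
    set -- $(decode_caps "$1")
    echo $#
}

# current_capeff -> CapEff of this shell, read from /proc (Linux only)
current_capeff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# Sample masks, constructed for this example (assumptions, not from the page).
DOCKER_DEFAULT_CAPS="00000000a80425fb"   # plain "docker run", no --cap-* flags
ALL_DROPPED="0000000000000000"           # docker run --cap-drop ALL
FULL_ROOT="000001ffffffffff"             # uncontained root: bits 0..40 all set

echo "default container root : $(decode_caps "$DOCKER_DEFAULT_CAPS")"
echo "after --cap-drop ALL   : '$(decode_caps "$ALL_DROPPED")'"
echo "host root holds $(cap_count "$FULL_ROOT") capabilities"
if has_cap "$DOCKER_DEFAULT_CAPS" net_raw; then
    echo "default set keeps net_raw: raw sockets/packet sniffing still possible"
fi
if [ -r /proc/self/status ]; then
    echo "this shell's CapEff      : $(decode_caps "$(current_capeff)")"
fi
```

The point the output makes is the one the paragraph above makes in prose: the default container root keeps a non-trivial set (including `net_raw`, `mknod`, `sys_chroot` and `setfcap`), and only an explicit `--cap-drop ALL` followed by adding back what the service needs reduces it. Run the decoder against `CapEff` from inside the container rather than trusting the command line you think you launched it with.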

We saw in Chapter 1, Introduction and Installation, how Docker uses ...
