Chapter 9. Docker Security

In this chapter, we will cover the following recipes:

  • Setting Mandatory Access Control (MAC) with SELinux
  • Allowing writes to volume mounted from the host with SELinux ON
  • Removing capabilities to breakdown the power of a root user inside the container
  • Sharing namespaces between the host and the container


Docker containers are not actually Sandbox applications, which means they are not recommended to run random applications on the system as root with Docker. You should always treat a container running a service/process as a service/process running on the host system and put all the security measures inside the container you put on the host system.

We saw in Chapter 1, Introduction and Installation, how Docker uses ...

Get DevOps: Puppet, Docker, and Kubernetes now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.