
Docker Security

by Adrian Mouat
January 2016
Content level: Intermediate to advanced
30 pages
1h 7m
English
O'Reilly Media, Inc.
Content preview from Docker Security

Foreword

Docker’s introduction of the standardized image format has fueled an explosion of interest in the use of containers in the enterprise. Containers simplify the distribution of software and allow greater sharing of resources on a computer system. But as you pack more applications onto a system, the risk of an individual application having a vulnerability leading to a breakout increases.

Containers, as opposed to virtual machines, currently share the same host kernel. This kernel is a single point of failure. A flaw in the host kernel could allow a process within a container to break out and take over the system. Docker security is about limiting and controlling the attack surface on the kernel. Docker security takes advantage of security measures provided by the host operating system. It relies on Defense in Depth, using multiple security measures to control what the processes within the container are able to do. As Docker/containers evolve, security measures will continue to be added.

Administrators of container systems have a lot of responsibility to continue to use the common-sense security measures that they have learned on Linux and UNIX systems over the years. They should not just rely on whether the “containers actually contain.”

  • Only run container images from trusted parties.
  • Container applications should drop privileges or run without privileges whenever possible.
  • Make sure the kernel is always updated with the latest security fixes; the security kernel is critical. ...

Publisher Resources

ISBN: 9781492042297