What are the benefits and risks of using Docker?
The container ecosystem presently revolves around Docker, a platform for packaging, distributing and managing Linux applications inside containers. Although the technology is not yet mature, it is likely to evolve along a trajectory similar to that of VLANs and virtual machines. In the meantime, let's explore the security risks and benefits of using such containers.
Is the namespace isolation a limitation of Docker?
Docker recognizes the lack of user-namespace isolation as a limitation and is working to address it. As of this writing, Docker has introduced experimental support that lays the foundation for mapping a container's root user to a non-root user on the host.
Can a privileged container in Docker have root access?
By default, a Docker daemon, as well as a container process, runs with root permission. Creating another user and lowering permissions are still possible and are highly recommended from a security perspective. In the case of privileged containers, having root access inside the container also means having root access in the host.
What does the privileged flag do in Docker?
Docker's --privileged flag effectively disables all isolation features. The containers may still have separate PID and MNT namespaces and cgroup profiles applied, but when a container runs with --privileged, a user, and inadvertently an attacker who compromises that container, has access to the hard drives attached to the host.
Can a non root user use a docker container?
Docker's experimental user-namespace support lays the foundation for mapping a container's root user to a non-root user on the host, so that a process which is root inside the container holds no root privileges outside it. Independently of that, Docker isolates many aspects of the underlying host from an application that runs in a container without root privileges.
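The three settings discussed above (the --privileged flag, a container process running as root, and user-namespace remapping of container root to a non-root host user) can all be read from the JSON that `docker inspect` produces and from the daemon configuration. The following audit script is an added example written for this page, not code from Docker or from the original article; the sample records are constructed and trimmed to the fields the check needs, but the field names (`HostConfig.Privileged`, `Config.User`, `HostConfig.UsernsMode`, and the `userns-remap` key in `/etc/docker/daemon.json`) are the ones Docker actually uses.

```python
"""Audit docker-inspect style records for the risky settings discussed above.

Constructed sample data stands in for the output of `docker inspect` and for
/etc/docker/daemon.json; in practice feed it `docker inspect $(docker ps -q)`.
"""
import json

# Constructed: two containers as `docker inspect` would describe them (trimmed).
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/web",
        "Config": {"User": "1000:1000"},          # explicit non-root user
        "HostConfig": {"Privileged": False, "UsernsMode": ""},
    },
    {
        "Name": "/dbadmin",
        "Config": {"User": ""},                   # no USER: image default, i.e. root
        "HostConfig": {"Privileged": True, "UsernsMode": "host"},
    },
])

# Constructed: a daemon.json with user-namespace remapping left unset ...
SAMPLE_DAEMON_JSON_WEAK = "{}"
# ... and the corrected one with remapping enabled.
SAMPLE_DAEMON_JSON_FIXED = json.dumps({"userns-remap": "default"})


def daemon_has_userns_remap(daemon_json_text):
    """True when the daemon remaps container root to a non-root host uid."""
    return bool(json.loads(daemon_json_text).get("userns-remap"))


def audit_container(record, daemon_remap=False):
    """Return the list of findings for one inspect record."""
    findings = []
    host = record.get("HostConfig", {})
    cfg = record.get("Config", {})

    if host.get("Privileged"):
        findings.append("privileged: isolation disabled, host devices reachable")

    # --userns=host opts a single container out of daemon-wide remapping.
    remapped = daemon_remap and host.get("UsernsMode") != "host"
    if not cfg.get("User"):
        if remapped:
            findings.append("root inside container (remapped to unprivileged host uid)")
        else:
            findings.append("root inside container is root on the host")

    if host.get("UsernsMode") == "host":
        findings.append("userns=host: container opted out of user-namespace remapping")
    return findings


def audit(inspect_text, daemon_json_text):
    """Map container name -> findings, plus a daemon-level finding if remap is off."""
    remap = daemon_has_userns_remap(daemon_json_text)
    report = {}
    for record in json.loads(inspect_text):
        name = record.get("Name", "?").lstrip("/")
        report[name] = audit_container(record, remap)
    if not remap:
        report["_daemon"] = ["userns-remap not configured in daemon.json"]
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT, SAMPLE_DAEMON_JSON_WEAK).items():
        print(name, "->", findings or ["ok"])
```

The `web` record produces no findings because it sets a non-root user and runs unprivileged; the `dbadmin` record trips all three checks. Enabling `userns-remap` in the daemon configuration downgrades the root finding for containers that do not opt out with `--userns=host`, which is the mitigation the experimental user-namespace support is meant to provide.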
Are there security vulnerabilities in the Docker platform?
Docker security, including security monitoring and security tooling, is becoming a hot topic in the modern IT world as early-adoption fever turns into a mature ecosystem. It is an unavoidable subject to address whenever we plan to change how we architect our infrastructure.