Basic built in security features of docker

0 votes
Can somebody explain what built in security features does docker have?
Aug 23, 2019 in Docker by anonymous
1,066 views

1 answer to this question.

0 votes

Here are few basic built -in security features that docker provides:

  • Kernel namespaces

Namespaces define the context in which names are defined whether it be variable names or function names. In other words, namespace defines the scope of the names. 

Each container in docker creates a set of namespaces specific to the container. Hence is the first and a great method of security between containers.

  • Control Groups

Control groups facilitate resource accounting and limiting. 

Control Groups doesn’t allow a container to exhaust the host system’s CPU, memory, disk I/O, etc. 

It also doesn’t allow data and processes of container to be accessed by another container.

  • Docker daemon attack surface

When a “docker run “ command is performed docker client speaks to docker daemon who manages the images and containers. Docker daemon needs root privileges. 

Extra precaution must be taken to give access only to trusted users to control docker daemon. 

A  container could even be started from the root directory on your host and the container can alter your host filesystem without any restriction.

  • Linux Kernel Capabilities

Containers could be started with a reduced set of capabilities. 

This would mean that “root” within a container has fewer privileges than the real “root”. This, in turn, reduces the damage by an intruder with root privileges.

answered Aug 23, 2019 by Sirajul
• 59,230 points

Related Questions In Docker

0 votes
0 answers

what is the use of docker history command in Docker?

I am trying to find the initial ...READ MORE

Jun 20, 2019 in Docker by Shubham
• 1,000 points
1,434 views
0 votes
1 answer

How to get the hostname of the manager node in the Docker swarm?

Hi@akhtar, You can find the manager hostname using ...READ MORE

answered Dec 24, 2020 in Docker by MD
• 95,460 points
4,168 views
+2 votes
6 answers

copy directories in docker container excluding any one directory

One of the way could be copy ...READ MORE

answered Dec 10, 2018 in Docker by Prateek
34,850 views
+4 votes
7 answers

If conditional in docker file

First of all, create a build_internal.sh file ...READ MORE

answered May 29, 2018 in Docker by DareDev
• 6,890 points
123,423 views
+2 votes
1 answer
+2 votes
1 answer

Deploy Docker Containers from Docker Cloud

To solve this problem, I followed advice ...READ MORE

answered Sep 3, 2018 in AWS by Priyaj
• 58,020 points
2,703 views
0 votes
1 answer

Does the feature of "Garbage Collection" exist in Docker?

Yes you can clean up resources in ...READ MORE

answered Jul 2, 2019 in Docker by Sirajul
• 59,230 points
2,285 views
0 votes
2 answers

How do I fix the “no space left on device” error in docker?

Try cleaning up: $ docker volume rm $(docker ...READ MORE

answered Aug 14, 2019 in Docker by Sirajul
• 59,230 points
12,663 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP