Highest Voted 'docker' Questions - IT Security Stack Exchange

307

votes

9 answers

What makes Docker more secure than VMs or bare metal?

I recently had a discussion with a Docker expert about the security of Docker vs. virtual machines. When I told that I've read from different sources that it's easier for code running within a Docker container to escape from it than for a code…

virtualization docker isolation

asked Sep 17 '17 at 22:08

Arseni Mourzenko

4,644
6
20
30

58

votes

8 answers

Is it safe to trust a Docker container?

When it comes to Docker, it is very convenient to use a third party container that already exist to do what we want. The problem is that those containers can be very complicated and have a large parent tree of other containers; they can even pull…

operating-systems trust docker confinement

asked May 08 '15 at 12:17

0x1gene

783
1
6
10

48

votes

1 answer

How to mitigate Meltdown in Docker images?

On https://meltdownattack.com/ it is suggested that (in some cases?) scenarios with Docker containers are also vulnerable. I'm a developer using Docker for two different purposes: Images used for running build steps in GitLab CI/CD A few images…

docker meltdown

asked Jan 04 '18 at 09:44

Jeroen

839
9
15

46

votes

3 answers

Docker as a sandbox for untrusted code

I have created a web application that among other things allows users to write, compile and execute code (Java, C#). The application creates a Docker container for every user where compilation and code execution takes place. I have taken the…

sandbox docker

asked Dec 11 '15 at 10:28

Hartger

571
1
5
7

42

votes

2 answers

Is it possible to escalate privileges and escaping from a Docker container?

I'm learning a lot about docker. I'm practicing creating docker clusters using docker-swarm, registry, shipyard, etc. I saw how easy is to get root in a docker host machine once you entered to the host with a limited user which has docker…

privilege-escalation docker container escape

asked Mar 04 '17 at 20:02

OscarAkaElvis

5,185
3
17
48

37

votes

4 answers

Passing secret keys securely to docker containers

I want to pass a secret value needed by an app that runs in a Docker container. This particular container is short-lived -- it starts up, runs a command, and then terminates. Method 1: Pass the value as an environment variable via the command line…

key-management docker

asked Oct 16 '14 at 02:11

Anthony Kraft

1,139
1
8
18

25

votes

2 answers

How to securely provide SSL certs to a Docker app

What is the most secure way to provide SSL certificates (for HTTPS) to a Docker application? The approaches I've considered: The environment It's common (but obviously not required) to use the 12factor approach with Docker apps, which would suggest…

tls docker

asked Aug 16 '15 at 19:29

Flimzy

655
1
6
14

20

votes

1 answer

Can a root user inside a Docker/LXC break the security of the whole system?

My question is probably more about the LXC than about Docker, but I wonder what are the security mechanisms to prevent a root user inside a Docker image to access the whole host. More precisely, I wonder what are the limit of the capacities of such…

linux docker

asked Nov 30 '15 at 17:21

perror

813
2
10
26

17

votes

3 answers

Securing Docker and LXC

The concept put forward by Docker and LXC seems to be, from a security perspective, a move in the right direction. Afraid of a MySQL zero-day? Run it in a Docker container and it won't be able to cause damage to the host operating system. However,…

linux docker

asked Apr 01 '14 at 07:30

Naftuli Kay

6,715
9
47
75

17

votes

3 answers

Would CVE-2016-0728 affect Docker?

I ended up having a discussion about Docker and system security today and we came to the point where we asked ourselves of the latest CVE-2016-0728 exploit (privilege escalation) would affect Docker containers as well. Docker utilizes the system…

cve docker

asked Jan 20 '16 at 13:06

Sven van de Scheur

273
1
6

16

votes

2 answers

Docker: when to use apparmor vs seccomp vs --cap-drop

Docker seems to support both apparmor and seccomp. Docker also allows to drop capabilities when running a container. However I couldn't find any documentation or guideline on when to use which approach. There seems to be a significant overlap in…

linux docker apparmor capabilities seccomp

asked Nov 02 '18 at 04:32

JackDaniels

261
2
5

14

votes

1 answer

Hardening/reducing attack surface for a Docker container

I'd like to set up a hardened Docker instance, mostly for running micro-services such as statically compiled golang applications. What I'm looking for is to protect the host OS from a rogue container and containers from one another. I tried to…

hardening docker

asked Aug 29 '16 at 20:24

Matthieu

316
2
10

12

votes

1 answer

How secure is docker container-to-container traffic?

I'm working on building a web application using the microservice architecture pattern in a set of docker containers and I'm wondering about the importance of securing the communication between the application and the microservices. The application…

authentication docker

asked Jan 05 '15 at 15:43

Kryten

349
2
7

12

votes

3 answers

Risks posed by docker daemon running as root

My team has been getting pretty excited about using docker because it promises to simplify our deployments and provide a number of other design and operational benefits. We recently started to really get things rolling with it and ran into some…

docker

asked Oct 09 '15 at 20:18

JimmyJames

2,956
2
16
25

11

votes

2 answers

Security implications of granting non-root access to privileged ports (<1024)

Lots of solutions to this problem e.g. here and here but in order to decide which is best I'd need to know more about the security implications of each solution (or at least in general). My context: I'm looking into running a rootless Docker/Podman…

ports docker

asked Jan 03 '21 at 16:37

Stuart Hodgson

121
1
5

Questions tagged [docker]