Docker Security Concerns


When using Docker containers in production, it is important to be aware of Docker security concerns.

Host System Security

All Docker containers are built upon the host system's kernel. If the host system's kernel has security bugs, those bugs are also present in the containers.

In particular, Docker leverages two Linux features:

  • Namespaces, to isolate containers from each other and make sure that a container can't establish unauthorized connections to another container.
  • cgroups, to limit the resources (CPU, memory, IO) that each container can consume.

The administrators of a system running Docker should be particularly careful to upgrade the kernel whenever security bugs in these features are fixed.

Docker, like most container technologies, uses the open source runC library. Security bugs in runC are likely to affect Docker as well.

Finally, security bugs in Docker itself potentially affect all containers.

It is important to note that upgrading the kernel, runC or Docker itself causes downtime for all the containers running on the system.
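Because a security bug in any of these three components reaches every container on the host, a practitioner usually wants a quick inventory of their versions against the patched releases being tracked. The following is an added example, not code from the article or from MariaDB or Vettabase; it reads the JSON shape printed by `docker version --format '{{json .}}'` and the output of `uname -r`, and the sample values and the minimum versions are constructed placeholders, not real advisory data.

```python
"""Inventory the kernel, runC and Docker versions on a host and flag the
ones older than the minimum (patched) release an administrator tracks."""
import json
import re

# Constructed sample of `docker version --format '{{json .}}'`, trimmed to
# the fields used here (real output carries more components and details).
SAMPLE_DOCKER_VERSION = json.dumps({
    "Client": {"Version": "24.0.5"},
    "Server": {
        "Version": "24.0.5",
        "Components": [
            {"Name": "Engine", "Version": "24.0.5",
             "Details": {"KernelVersion": "5.15.0-91-generic"}},
            {"Name": "containerd", "Version": "1.6.21"},
            {"Name": "runc", "Version": "1.1.7"},
        ],
    },
})
SAMPLE_KERNEL = "5.15.0-91-generic"  # constructed `uname -r` output

# Placeholder minimums (assumption): replace with the versions named in the
# advisories you follow for each component.
MINIMUMS = {"kernel": "5.15.0-100", "runc": "1.1.8", "docker": "24.0.5"}


def parse_version(text):
    """Turn '5.15.0-91-generic' into (5, 15, 0, 91); non-numeric parts are dropped."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def inventory(docker_version_json, uname_r):
    """Collect the three versions whose bugs affect every container on the host."""
    info = json.loads(docker_version_json)
    versions = {"docker": info["Server"]["Version"], "kernel": uname_r}
    for component in info["Server"].get("Components", []):
        if component["Name"] == "runc":
            versions["runc"] = component["Version"]
    return versions


def outdated(versions, minimums=MINIMUMS):
    """Names of the components older than their minimum; each one implies a host
    upgrade, and therefore a restart of every running container."""
    return sorted(name for name, minimum in minimums.items()
                  if name in versions
                  and parse_version(versions[name]) < parse_version(minimum))
```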

Container Security

References

For more information, see the following links:


Content initially contributed by Vettabase Ltd.
