
improvement

Wonderfall 2022-04-03 05:19:43 +02:00
parent 9953be62c8
commit dbf0e2d3c3

@ -79,7 +79,7 @@ Good practices have been therefore established:
- Keep the host kernel, Docker and the OCI runtime updated. - Keep the host kernel, Docker and the OCI runtime updated.
- Consider the usage of user namespaces. - Consider the usage of user namespaces.
By the way, it goes without saying that any user (or container) who has access to the Docker daemon should be considered as privileged as root. It should only be owned by root, and if that doesn't work with your environment, use Docker rootless or Podman. By the way, it goes without saying that any user who has access to the Docker daemon should be considered as privileged as root. Mounting the Docker socket (`/var/run/docker.sock`) in a container makes it highly privileged, and so it should be avoided. The socket should only be owned by root, and if that doesn't work with your environment, use Docker rootless or Podman.
### Avoiding root ### Avoiding root
root can be avoided in different ways in the final container: root can be avoided in different ways in the final container:
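
Review bot: In the rewritten Docker daemon paragraph, the new sentence describes a container with `/var/run/docker.sock` mounted as "highly privileged", which is weaker than the "as privileged as root" wording in the sentence just before it, and the change also drops "(or container)" from that sentence. Suggest stating the equivalence directly, for example "a container with the Docker socket mounted should be considered as privileged as root", so the two sentences agree. As a style point, the opener "By the way, it goes without saying" undersells a warning of this weight and could be dropped.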