- Use official images.
- Restrict network/links within containers.
- Make sure the Docker daemon REST API is off, and then use traditional UNIX permission checks to limit access to the control socket.
- Limit the Docker daemon's permissions on the host.
- Run as non-root.
- Add an extra layer of safety by enabling AppArmor, SELinux, GRSEC, or your favorite hardening solution.
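
Several of these items can be checked per container from `docker inspect` output. The script below is an added example, not part of the original checklist; the sample records are constructed, and the "official image" test is a heuristic that assumes Docker Hub's `library` namespace.

```python
import json

def is_official(image):
    # Heuristic (assumption): Docker Hub official images live in the "library"
    # namespace, written with no namespace ("nginx:1.25") or explicitly.
    name = image.split("@")[0]
    for prefix in ("docker.io/", "index.docker.io/"):
        if name.startswith(prefix):
            name = name[len(prefix):]
    return "/" not in name or name.startswith("library/")

def audit(c):
    """Return checklist findings for one `docker inspect` container record."""
    findings = []
    cfg, host = c.get("Config", {}), c.get("HostConfig", {})
    if not is_official(cfg.get("Image", "")):
        findings.append("image is not a Docker Hub official image")
    # An empty User means the process runs as root unless the runtime overrides it.
    if cfg.get("User", "").split(":")[0] in ("", "0", "root"):
        findings.append("runs as root")
    if host.get("NetworkMode") == "host":
        findings.append("shares the host network namespace")
    if host.get("Links"):
        findings.append("uses container links: " + ", ".join(host["Links"]))
    if any(m.get("Source", "").endswith("docker.sock") for m in c.get("Mounts") or []):
        findings.append("Docker control socket is mounted into the container")
    opts = host.get("SecurityOpt") or []
    # AppArmorProfile is also empty on hosts without AppArmor (e.g. SELinux-only).
    if c.get("AppArmorProfile", "") in ("", "unconfined") or "apparmor=unconfined" in opts:
        findings.append("no AppArmor profile applied")
    if "label=disable" in opts or "label:disable" in opts:
        findings.append("SELinux labeling disabled")
    return findings

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = json.loads("""[
 {"Name": "/web", "AppArmorProfile": "docker-default",
  "Config": {"Image": "nginx:1.25", "User": "101"},
  "HostConfig": {"NetworkMode": "bridge", "Links": null, "SecurityOpt": null},
  "Mounts": []},
 {"Name": "/ci", "AppArmorProfile": "unconfined",
  "Config": {"Image": "registry.example/team/builder:latest", "User": ""},
  "HostConfig": {"NetworkMode": "host", "Links": ["/db:/ci/db"],
                 "SecurityOpt": ["apparmor=unconfined"]},
  "Mounts": [{"Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}]}
]""")

if __name__ == "__main__":
    for c in SAMPLE:
        print(c["Name"], audit(c) or "ok")
```

On a live host, feed it the parsed output of `docker inspect` for the running containers instead of `SAMPLE`.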
Docker Security Checklist