Docker Security

  • Access to the Docker daemon is equivalent to root on the host, and the host kernel is shared by every container
  • Don’t run container as root
  • Be careful not to pull arbitrary public Docker Hub images
  • Avoid installing unnecessary packages
  • Avoid running sshd inside container
  • Build daily & deploy often
  • Assign group root to any created user (because Kubernetes gives this group access to all created volumes)
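The following is an added example, not part of these notes: a small POSIX shell lint that checks a Dockerfile against three of the points above (no root as the default user, no sshd installed, app user placed in group root, i.e. GID 0). The two sample Dockerfiles and their file names are constructed for the example; the check functions (last_user, runs_as_root, installs_sshd, uses_gid0, check_dockerfile) are hypothetical helpers, not a Docker or Kubernetes tool.

```shell
#!/bin/sh
# Added example: lint a Dockerfile for the practices listed in the notes above.
# Sample Dockerfiles below are constructed; helper names are our own.

# last_user FILE -> prints the user named by the final USER line, or "root" if there is none.
# USER accepts "user", "user:group", "uid" or "uid:gid"; keep only the part before ':'.
last_user() {
    u=$(grep -iE '^[[:space:]]*USER[[:space:]]+' "$1" | tail -n 1 | awk '{print $2}' | cut -d: -f1)
    [ -z "$u" ] && u=root
    printf '%s\n' "$u"
}

# runs_as_root FILE -> exit 0 when the image's default user is root (no USER, USER root, or USER 0)
runs_as_root() {
    case "$(last_user "$1")" in
        root|0) return 0 ;;
        *)      return 1 ;;
    esac
}

# installs_sshd FILE -> exit 0 when a RUN line installs an SSH server
installs_sshd() {
    grep -iE '^[[:space:]]*RUN.*(openssh-server|sshd)' "$1" >/dev/null 2>&1
}

# uses_gid0 FILE -> exit 0 when a useradd/adduser line puts the user in GID 0 (group root),
# which is what the notes recommend so that Kubernetes-created volumes stay writable
uses_gid0() {
    grep -iE '(useradd|adduser).*(-g[[:space:]]*0|--gid[[:space:]=]*0|-g[[:space:]]*root|--gid[[:space:]=]*root|-G[[:space:]]*root|--groups[[:space:]=]*root)' "$1" >/dev/null 2>&1
}

# check_dockerfile FILE -> prints one line per finding; exit status is the number of findings (0 = clean)
check_dockerfile() {
    f=$1; n=0
    if runs_as_root "$f";  then echo "$f: default user is root (add a USER directive)"; n=$((n+1)); fi
    if installs_sshd "$f"; then echo "$f: installs an SSH server (use docker exec instead)"; n=$((n+1)); fi
    if ! uses_gid0 "$f";   then echo "$f: no app user in group root (GID 0); mounted volumes may be unwritable"; n=$((n+1)); fi
    return $n
}

# --- constructed sample input: a weak and a hardened Dockerfile ---
WORK=$(mktemp -d)
WEAK="$WORK/Dockerfile.weak"
HARDENED="$WORK/Dockerfile.hardened"

cat > "$WEAK" <<'EOF'
FROM ubuntu:22.04
RUN apt-get update && apt-get install -y openssh-server vim curl
COPY app /app
CMD ["/app/run"]
EOF

cat > "$HARDENED" <<'EOF'
FROM ubuntu:22.04
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates \
    && rm -rf /var/lib/apt/lists/*
# unprivileged user whose primary group is root (GID 0) so shared volumes stay writable
RUN useradd --uid 10001 --gid 0 --no-create-home app
COPY --chown=app:0 app /app
USER app:0
CMD ["/app/run"]
EOF

check_dockerfile "$WEAK"     || echo "$WEAK: $? finding(s)"
check_dockerfile "$HARDENED" && echo "$HARDENED: clean"
```

The weak file produces three findings (root by default, sshd installed, no GID 0 user); the hardened one passes. The lint is a line-based heuristic, so it will not see a USER or useradd introduced by a base image or a multi-stage build.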

Entering Root in a Docker Container

  • Enter a container with docker exec
  • Privileges are dropped, but this can be bypassed by using nsenter instead.
  • Or just use this flag: docker exec --user root