Docker Security
External
- https://docs.docker.com/engine/security/security/
- http://opensource.com/business/14/7/docker-security-selinux
Internal
Overview
Production containers should almost always be run under the context of a non-privileged user. See Dockerfile USER.
Privileged Container
A privileged container, also referred to as a super privileged container (SPC) or an infrastructure container, is a special container with elevated privileges that administrators use to perform administrative tasks such as management, monitoring, backups, etc. Privileged containers can load specialized kernel modules, for example. Typically there is a tighter coupling between privileged containers and the host kernel than there is for ordinary containers. When using a privileged container, the administrator needs to select a user space that is compatible with the host kernel.
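An audit for both points above (containers that run as root and containers that run privileged), added here as an example and not taken from the original page. It assumes input in the JSON shape printed by `docker inspect`, using the `Config.User` and `HostConfig.Privileged` fields; the container names and values in the sample are constructed.

```python
import json

# Constructed sample in the shape of `docker inspect <container>...` output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "Config": {"User": "1000:1000"},
     "HostConfig": {"Privileged": False}},
    {"Name": "/cache", "Config": {"User": ""},
     "HostConfig": {"Privileged": False}},
    {"Name": "/backup-agent", "Config": {"User": "root"},
     "HostConfig": {"Privileged": True}},
    {"Name": "/metrics", "Config": {"User": "0:0"},
     "HostConfig": {"Privileged": False}},
])


def runs_as_root(user):
    """True when Config.User resolves to root.

    An empty value means neither the image (Dockerfile USER) nor the
    run command set a user, so the process starts as UID 0.
    """
    uid = (user or "").split(":", 1)[0].strip()
    if uid in ("", "root"):
        return True
    return uid.isdigit() and int(uid) == 0


def audit(inspect_json):
    """Return [(container_name, [issues])] for containers needing review."""
    findings = []
    for c in json.loads(inspect_json):
        issues = []
        if c.get("HostConfig", {}).get("Privileged"):
            issues.append("privileged")
        if runs_as_root(c.get("Config", {}).get("User")):
            issues.append("runs-as-root")
        if issues:
            findings.append((c.get("Name", "").lstrip("/"), issues))
    return findings


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INSPECT):
        print(f"{name}: {', '.join(issues)}")
```

Containers flagged as privileged are expected only for the administrative roles described above; anything else flagged is a candidate for a `USER` directive in its Dockerfile.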
Also see: