Andreas/docker-cheat-sheet
1
0
Fork 0
mirror of https://github.com/wsargent/docker-cheat-sheet.git synced 2026-01-21 08:16:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

README links correction (#179)

Browse source 
* update README.md

1. add contents description
2. add shell command result

* Improve README links

Co-authored-by: belingud <im.victor@qq.com>
This commit is contained in:
belingud 2020-03-13 01:31:46 +08:00 committed by GitHub
parent d738b43896
commit 1ee56fb627
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -509,7 +509,7 @@ You can bring everything down, removing the containers entirely, with the down c
This is where security tips about Docker go. The Docker [security](https://docs.docker.com/engine/security/security/) page goes into more detail.
First things first: Docker runs as root. If you are in the `docker` group, you effectively [have root access](https://web.archive.org/web/20161226211755/http://reventlov.com/advisories/using-the-docker-command-to-root-the-host). If you expose the docker unix socket to a container, you are giving the container [root access to the host](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html).
First things first: Docker runs as root. If you are in the `docker` group, you effectively [have root access](https://web.archive.org/web/20161226211755/http://reventlov.com/advisories/using-the-docker-command-to-root-the-host). If you expose the docker unix socket to a container, you are giving the container [root access to the host](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container/).
Docker should not be your only defense. You should secure and harden it.