Andreas/docker-cheat-sheet
1
0
Fork 0
mirror of https://github.com/wsargent/docker-cheat-sheet.git synced 2026-01-07 01:28:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

README links correction (#179)

Browse source 
* update README.md

1. add contents description
2. add shell command result

* Improve README links

Co-authored-by: belingud <im.victor@qq.com>
This commit is contained in:
belingud 2020-03-13 01:31:46 +08:00 committed by GitHub
parent d738b43896
commit 1ee56fb627
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
ru/README.md
View file

@ -491,7 +491,7 @@ This is where general Docker best practices and war stories go:
This is where security tips about Docker go. The Docker [security](https://docs.docker.com/engine/security/security/) page goes into more detail.
First things first: Docker runs as root. If you are in the `docker` group, you effectively [have root access](http://reventlov.com/advisories/using-the-docker-command-to-root-the-host). If you expose the docker unix socket to a container, you are giving the container [root access to the host](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html).
First things first: Docker runs as root. If you are in the `docker` group, you effectively [have root access](http://reventlov.com/advisories/using-the-docker-command-to-root-the-host). If you expose the docker unix socket to a container, you are giving the container [root access to the host](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container/).
Docker should not be your only defense. You should secure and harden it.