Andreas/docker-cheat-sheet
1
0
Fork 0
mirror of https://github.com/wsargent/docker-cheat-sheet.git synced 2025-12-16 15:10:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

README links correction (#179)

Browse source 
* update README.md

1. add contents description
2. add shell command result

* Improve README links

Co-authored-by: belingud <im.victor@qq.com>
This commit is contained in:
belingud 2020-03-13 01:31:46 +08:00 committed by GitHub
parent d738b43896
commit 1ee56fb627
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -509,7 +509,7 @@ You can bring everything down, removing the containers entirely, with the down c
This is where security tips about Docker go. The Docker [security](https://docs.docker.com/engine/security/security/) page goes into more detail. This is where security tips about Docker go. The Docker [security](https://docs.docker.com/engine/security/security/) page goes into more detail.
First things first: Docker runs as root. If you are in the `docker` group, you effectively [have root access](https://web.archive.org/web/20161226211755/http://reventlov.com/advisories/using-the-docker-command-to-root-the-host). If you expose the docker unix socket to a container, you are giving the container [root access to the host](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html). First things first: Docker runs as root. If you are in the `docker` group, you effectively [have root access](https://web.archive.org/web/20161226211755/http://reventlov.com/advisories/using-the-docker-command-to-root-the-host). If you expose the docker unix socket to a container, you are giving the container [root access to the host](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container/).
Docker should not be your only defense. You should secure and harden it. Docker should not be your only defense. You should secure and harden it.

2
ru/README.md
View file

@ -491,7 +491,7 @@ This is where general Docker best practices and war stories go:
This is where security tips about Docker go. The Docker [security](https://docs.docker.com/engine/security/security/) page goes into more detail. This is where security tips about Docker go. The Docker [security](https://docs.docker.com/engine/security/security/) page goes into more detail.
First things first: Docker runs as root. If you are in the `docker` group, you effectively [have root access](http://reventlov.com/advisories/using-the-docker-command-to-root-the-host). If you expose the docker unix socket to a container, you are giving the container [root access to the host](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html). First things first: Docker runs as root. If you are in the `docker` group, you effectively [have root access](http://reventlov.com/advisories/using-the-docker-command-to-root-the-host). If you expose the docker unix socket to a container, you are giving the container [root access to the host](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container/).
Docker should not be your only defense. You should secure and harden it. Docker should not be your only defense. You should secure and harden it.

20
zh-cn/README.md
View file

@ -9,8 +9,8 @@
## 目录 ## 目录
* [为何使用 Docker](#为何使用-docker) * [为何使用 Docker](#为何使用-docker)
* [系统环境](#系统环境) * [系统环境(Prerequisites)](#系统环境)
* [安装](#安装) * [安装(Installation)](#安装)
* [容器(Containers)](#容器container) * [容器(Containers)](#容器container)
* [镜像(Images)](#镜像images) * [镜像(Images)](#镜像images)
* [网络(Networks)](#网络networks) * [网络(Networks)](#网络networks)
@ -20,9 +20,9 @@
* [链接(Links)](#链接links) * [链接(Links)](#链接links)
* [卷标(Volumes)](#卷标volumes) * [卷标(Volumes)](#卷标volumes)
* [暴露端口(Exposing Ports)](#暴露端口exposing-ports) * [暴露端口(Exposing Ports)](#暴露端口exposing-ports)
* [最佳实践](#最佳实践) * [最佳实践(Best Practices)](#最佳实践)
* [安全](#安全security) * [安全(security)](#安全security)
* [小贴士](#小贴士) * [小贴士(Tips)](#小贴士)
* [贡献手册(Contributing)](#贡献手册contributing) * [贡献手册(Contributing)](#贡献手册contributing)
## 为何使用 Docker ## 为何使用 Docker
@ -54,13 +54,17 @@ Docker 对于 Linux 内核版本的 [最低要求](https://docs.docker.com/engin
获取 Docker 服务版本: 获取 Docker 服务版本:
``` ```
docker version --format '{{.Server.Version}}' $ docker version --format '{{.Server.Version}}'
1.8.0
``` ```
你也可以输出原始的 JSON 数据: 你也可以输出原始的 JSON 数据:
``` ```
docker version --format '{{json .}}' $ docker version --format '{{json .}}'
{"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"am"}
``` ```
## 安装 ## 安装
@ -486,7 +490,7 @@ docker port CONTAINER $CONTAINERPORT
这节准备讨论一些关于 Docker 安全性的问题。Docker 官方文档 [安全](https://docs.docker.com/articles/security/) 页面讲述了更多细节。 这节准备讨论一些关于 Docker 安全性的问题。Docker 官方文档 [安全](https://docs.docker.com/articles/security/) 页面讲述了更多细节。
首先第一件事Docker 是有 root 权限的。如果你在 `docker` 组,那么你就有 [root 权限](https://web.archive.org/web/20161226211755/http://reventlov.com/advisories/using-the-docker-command-to-root-the-host)。如果你将 Docker 的 Unix Socket 暴露给容器,意味着你赋予了容器 [宿主机 root 权限](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html)。 首先第一件事Docker 是有 root 权限的。如果你在 `docker` 组,那么你就有 [root 权限](https://web.archive.org/web/20161226211755/http://reventlov.com/advisories/using-the-docker-command-to-root-the-host)。如果你将 Docker 的 Unix Socket 暴露给容器,意味着你赋予了容器 [宿主机 root 权限](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container/)。
Docker 不应当作为唯一的防御措施。你应当使其更加安全可靠。 Docker 不应当作为唯一的防御措施。你应当使其更加安全可靠。