Add a section on user namespaces

Will Sargent 2016-03-16 11:19:33 -07:00
parent 26bd1914cb
commit 3659477857

@ -413,6 +413,12 @@ RUN groupadd -r user && useradd -r -g user user
USER user
```
### User Namespaces
There's also work on [user namespaces](https://s3hh.wordpress.com/2013/07/19/creating-and-using-containers-without-privilege/) -- it is in 1.10 but is not enabled by default.
To enable user namespaces ("remap the userns") in Ubuntu 15.10, [follow the blog example](https://raesene.github.io/blog/2016/02/04/Docker-User-Namespaces/).
### Security Videos
* [Using Docker Safely](https://youtu.be/04LOuMgNj9U)
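Review bot: The new "User Namespaces" section never says what remapping buys the reader, and its only how-to is a link to a blog post scoped to Ubuntu 15.10. Since it sits directly under the `USER user` advice, add one sentence on how the remap relates to it (root inside the container mapped to an unprivileged id on the host) and state the daemon setting inline, so the section still works if the link rots or the reader is on another distribution. Also write "it is in Docker 1.10" rather than "it is in 1.10", and note that "There's also work on" reads oddly for something the same sentence says has already shipped.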
@ -422,7 +428,7 @@ USER user
### Security Roadmap
The Docker roadmap talks about [seccomp support](https://github.com/docker/docker/blob/master/ROADMAP.md#11-security).
There is an AppArmor policy generator called [bane](https://github.com/jfrazelle/bane), and they're working on [security profiles](https://github.com/docker/docker/issues/17142). There's also work on [user namespaces](https://s3hh.wordpress.com/2013/07/19/creating-and-using-containers-without-privilege/) which [just made it out of experimental](https://github.com/docker/docker/commit/cc63db4fd19f99372a84cc97a87a023fa9193734#diff-991890e619874cd6bb0277584bb7f7a4R632).
There is an AppArmor policy generator called [bane](https://github.com/jfrazelle/bane), and they're working on [security profiles](https://github.com/docker/docker/issues/17142).
## Tips
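Review bot: In the "Security Roadmap" paragraph, dropping the user-namespaces sentence also drops the "just made it out of experimental" link to the docker/docker commit, and the new section added earlier in this patch does not carry it. Suggest moving that link into the "User Namespaces" section next to the "it is in 1.10 but is not enabled by default" statement, so the claim about its status keeps a primary source. The remaining sentence still says "they're working on" without naming who "they" are; "the Docker project is working on" would be clearer now that it stands alone.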