Andreas/docker-cheat-sheet
1
0
Fork 0
mirror of https://github.com/wsargent/docker-cheat-sheet.git synced 2026-02-28 10:04:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improve README links

Browse source
This commit is contained in:
belingud 2020-03-12 14:15:20 +08:00
parent b68f3b7bb1
commit a727e001aa
3 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
ru/README.md
View file

@ -491,7 +491,7 @@ This is where general Docker best practices and war stories go:
This is where security tips about Docker go. The Docker [security](https://docs.docker.com/engine/security/security/) page goes into more detail.
First things first: Docker runs as root. If you are in the `docker` group, you effectively [have root access](http://reventlov.com/advisories/using-the-docker-command-to-root-the-host). If you expose the docker unix socket to a container, you are giving the container [root access to the host](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html).
First things first: Docker runs as root. If you are in the `docker` group, you effectively [have root access](http://reventlov.com/advisories/using-the-docker-command-to-root-the-host). If you expose the docker unix socket to a container, you are giving the container [root access to the host](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container/).
Docker should not be your only defense. You should secure and harden it.