mirror of
https://github.com/wsargent/docker-cheat-sheet.git
synced 2025-09-22 05:40:50 +02:00
Update README.md
This commit is contained in:
Will Sargent
parent
41ef49555b
commit
aea06af1c2
1 changed files with 1 additions and 1 deletions
|
|
@ -352,7 +352,7 @@ First things first: Docker runs as root. If you are in the `docker` group, you
|
||||||
|
|
||||||
### Security Tips
|
### Security Tips
|
||||||
|
|
||||||
For greatest security, you want to run Docker inside a virtual machine, on on a host. This is straight from the Docker Security Team Lead -- [slides](http://www.slideshare.net/jpetazzo/linux-containers-lxc-docker-and-security) / [notes](http://www.projectatomic.io/blog/2014/08/is-it-safe-a-look-at-docker-and-security-from-linuxcon/). Then, run with AppArmor / seccomp / SELinux / grsec etc to [limit the container permissions](http://linux-audit.com/docker-security-best-practices-for-your-vessel-and-containers/).
|
For greatest security, you want to run Docker inside a virtual machine, or on a host. This is straight from the Docker Security Team Lead -- [slides](http://www.slideshare.net/jpetazzo/linux-containers-lxc-docker-and-security) / [notes](http://www.projectatomic.io/blog/2014/08/is-it-safe-a-look-at-docker-and-security-from-linuxcon/). Then, run with AppArmor / seccomp / SELinux / grsec etc to [limit the container permissions](http://linux-audit.com/docker-security-best-practices-for-your-vessel-and-containers/).
|
||||||
|
|
||||||
Docker image ids are [sensitive information](https://medium.com/@quayio/your-docker-image-ids-are-secrets-and-its-time-you-treated-them-that-way-f55e9f14c1a4) and should not be exposed to the outside world. Treat them like passwords.
|
Docker image ids are [sensitive information](https://medium.com/@quayio/your-docker-image-ids-are-secrets-and-its-time-you-treated-them-that-way-f55e9f14c1a4) and should not be exposed to the outside world. Treat them like passwords.
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue