Securing Docker and Containers
Jérôme Petazzoni, senior engineer at dotCloud, examined the progress of security concerning Docker compared with other virtualization and container like technology in his recent blog post "CONTAINERS & DOCKER: HOW SECURE ARE THEY?". Jérôme makes a case for the techniques that secure Docker, in spite of the techniques requiring sophisticated configuration, expert knowledge, and usage of supporting technologies available already in Linux (e.g. SELinux).
Docker uses two primary technologies in Linux to make containers possible, these include cgroups and namespaces. Jérôme acknowledged that Docker essentially provides the same capabilities as LXC and also has the same security risks. Docker aligns with the principle of least privilege in the way it configures its containers as they start, however Docker itself must run as root and so must the root user of its containers. The Linux Kernel is the limiting factor currently requiring root. This means that users should take care to protect the Docker daemon along with access to its REST api. Jérôme states things will improve:
The end goal for Docker is therefore to implement two additional security improvements:
- map the root user of a container to a non-root user of the Docker host, to mitigate the effects of a container-to-host privilege escalation;
- allow the Docker daemon to run without root privileges, and delegate operations requiring those privileges to well-audited sub-processes, each with its own (very limited) scope: virtual network setup, filesystem management, etc."
Good summary, one typo
Tom Gilb & Kai Gilb Jan 26, 2015