May 22, 2021 Docker From entry to practice
In addition to capability mechanisms, you can also leverage existing security mechanisms to enhance the security of using Docker, such as TOMOYO, AppArmor, SELinux, GRSEC, and more.
Docker currently only has the capability mechanism enabled by default. Users can use a variety of scenarios to enhance the security of Docker hosts, such as:
Like other third-party tools added to Docker containers, such as network topology and file system sharing, there are many similar mechanisms that can reinforce existing containers without changing the Docker kernel.