
Docker service-side protection


May 22, 2021 Docker From entry to practice



Every container or application is run through the Docker service side (the daemon). The Docker service currently requires root permissions to run, so its security is critical.

First, make sure that only trusted users have access to the Docker service. Docker allows users to share folders between the host and containers without restricting the container's access, which makes it easy for containers to break through resource limits. For example, if a malicious user starts a container and maps the host's / to /host in the container, the container can theoretically make arbitrary modifications to the host's file system. Does that sound crazy? In fact, almost all virtualization systems allow similar resource sharing, and there is no way to prevent users from sharing the host's root file system with a virtual machine.

This has serious security consequences. Therefore, when offering container creation as a service, for example through a web server, pay close attention to security checks on the parameters so that malicious users cannot create destructive containers with specific parameters.
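One way to implement such a parameter check, as an added example that is not part of the original article: it inspects the `HostConfig` section of a Docker Engine API container-create request and goes beyond the `/` to `/host` case to also refuse privileged mode, host namespaces and added capabilities. The allowed root `/srv/tenant-data`, the function names and the sample requests are assumptions made for illustration.

```python
import posixpath

# Assumption: tenants may only bind-mount host paths below this directory.
ALLOWED_BIND_ROOT = "/srv/tenant-data"
HOST_NAMESPACE_KEYS = ("PidMode", "IpcMode", "NetworkMode", "UsernsMode", "UTSMode")


def bind_sources(host_config):
    """Yield every host path referenced by Binds or by bind-type Mounts."""
    for spec in host_config.get("Binds") or []:
        src = spec.split(":", 1)[0]
        # A source that is not an absolute path names a volume, not a host path.
        if src.startswith("/"):
            yield src
    for mount in host_config.get("Mounts") or []:
        if mount.get("Type") == "bind":
            yield mount.get("Source", "")


def check_create_request(body):
    """Return the reasons to reject a container-create request (empty list = accept)."""
    hc = body.get("HostConfig") or {}
    problems = []
    for src in bind_sources(hc):
        # normpath collapses "..", so "/srv/tenant-data/../../" becomes "/".
        path = posixpath.normpath(src)
        inside = path == ALLOWED_BIND_ROOT or path.startswith(ALLOWED_BIND_ROOT + "/")
        if not inside:
            problems.append(f"bind mount of host path {src!r} is outside {ALLOWED_BIND_ROOT}")
    if hc.get("Privileged"):
        problems.append("privileged containers are not allowed")
    for key in HOST_NAMESPACE_KEYS:
        if hc.get(key) == "host":
            problems.append(f"{key}=host shares a host namespace")
    if hc.get("CapAdd"):
        problems.append("adding capabilities is not allowed")
    return problems


# Constructed sample requests (not taken from a real service).
SAMPLE_OK = {"Image": "alpine", "HostConfig": {"Binds": ["/srv/tenant-data/alice:/data:ro"]}}
SAMPLE_ROOT_SHARE = {"Image": "alpine", "HostConfig": {"Binds": ["/:/host"]}}

if __name__ == "__main__":
    for name, req in (("ok", SAMPLE_OK), ("root share", SAMPLE_ROOT_SHARE)):
        print(name, "->", check_create_request(req) or "accepted")
```

`posixpath.normpath` does not resolve symlinks, so a service whose tenants can write below the allowed root should also resolve the path on the host before comparing it.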

To enhance protection on the service side, after version 0.5.2 Docker's REST API, which clients use to communicate with the service side, uses a local Unix socket in place of the TCP socket that was previously bound to 127.0.0.1, because the TCP socket is vulnerable to cross-site scripting attacks. Users can now rely on Unix permission checks to control access to the socket.

Users can still expose the REST API over HTTP. In that case it is recommended to use security mechanisms that allow access only from trusted networks or VPNs, or protection mechanisms such as stunnel and SSL authentication. In addition, HTTPS and certificates can be used to enhance protection.

The recently improved Linux namespace mechanism will enable full-featured containers to run as non-root users. This fundamentally addresses the security issues that come with sharing file systems between containers and hosts.

The ultimate goal is to improve 2 important security features:

  • Map the root user of the container to a non-root user on the local host, to mitigate the security problems between the container and the host caused by privilege escalation;
  • Allow the Docker service side to run without root permissions, delegating operations that require privileges to secure and reliable sub-processes. These sub-processes are permitted only a limited range of operations, such as virtual network setup or file system management and configuration.

Finally, it is recommended to use dedicated servers to run Docker and related management services (e.g. management services such as ssh monitoring and process monitoring, and management tools such as nrpe and collectd). Other business services should be put into containers.