15: Security in Docker
Good security is all about layers and defence in depth. Docker supports all the major Linux security technologies as well as plenty of its own.
In this chapter, we’ll look at some of the technologies that make running containers very secure.
Large parts of the chapter will be specific to Linux. However, the Docker security technologies section is platform agnostic and applies equally to Linux and Windows.
Security in Docker - The TLDR
Security is about layers: each independent control is one more thing an attacker has to defeat, so the more layers you stack, the harder the system is to compromise. Fortunately, we can apply lots of layers of security to Docker. Figure 15.1 shows some of the security-related technologies we’ll cover in the chapter.
Docker on Linux leverages most of the common Linux security and workload isolation technologies. These include namespaces, control groups, capabilities, mandatory access control (MAC), and seccomp. For each one, Docker ships with “sensible defaults” for a moderately...
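A quick way to see these defaults in action, rather than take them on trust, is to read `/proc/1/status` inside a container (for example with `docker exec <container> cat /proc/1/status`) and decode the effective capability mask and seccomp mode it reports. The script below is an added example written for this chapter, not code from the book or from the Docker project. The two status snippets are constructed to look like a container started with no extra options and one started with `--privileged`; the `DOCKER_DEFAULT_CAPS` list is the long-standing default capability set as I know it and should be treated as an assumption to check against your engine version. Capability bit positions follow the kernel's `capability.h`.

```python
"""Audit a container's Linux security settings from a /proc/<pid>/status dump.

Added example for the chapter (not the book's or Docker's own code). Decodes the
CapEff bitmask into capability names, reads the seccomp mode and NoNewPrivs flag,
and compares the capability set against Docker's documented default set.
"""
from __future__ import annotations

# Bit positions from include/uapi/linux/capability.h (bit 0 = CAP_CHOWN).
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]

# Assumption: Docker's classic default capability set (14 capabilities).
DOCKER_DEFAULT_CAPS = frozenset({
    "CHOWN", "DAC_OVERRIDE", "FSETID", "FOWNER", "MKNOD", "NET_RAW", "SETGID",
    "SETUID", "SETFCAP", "SETPCAP", "NET_BIND_SERVICE", "SYS_CHROOT", "KILL",
    "AUDIT_WRITE",
})

SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}

# Constructed sample: PID 1 of a container run with no extra security options.
SAMPLE_DEFAULT = """Name:\tsh
Pid:\t1
NoNewPrivs:\t0
Seccomp:\t2
CapInh:\t0000000000000000
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
"""

# Constructed sample: the same container started with --privileged.
SAMPLE_PRIVILEGED = """Name:\tsh
Pid:\t1
NoNewPrivs:\t0
Seccomp:\t0
CapInh:\t0000000000000000
CapPrm:\t000001ffffffffff
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
"""


def decode_caps(mask_hex: str) -> frozenset[str]:
    """Turn a hex capability mask (as printed in /proc/<pid>/status) into names."""
    mask = int(mask_hex, 16)
    names = set()
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            # Unknown high bits (newer kernel than this table) still get reported.
            names.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
        bit += 1
    return frozenset(names)


def parse_status(text: str) -> dict[str, str]:
    """Parse the 'Key:\\tvalue' lines of a /proc/<pid>/status file."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def audit(status_text: str) -> dict:
    """Compare a process's settings with Docker's default hardening and list gaps."""
    fields = parse_status(status_text)
    caps = decode_caps(fields.get("CapEff", "0"))
    seccomp = SECCOMP_MODES.get(int(fields.get("Seccomp", "0")), "unknown")
    no_new_privs = fields.get("NoNewPrivs", "0") == "1"
    extra_caps = caps - DOCKER_DEFAULT_CAPS
    missing_caps = DOCKER_DEFAULT_CAPS - caps

    findings = []
    if extra_caps:
        findings.append("capabilities beyond Docker default: " + ", ".join(sorted(extra_caps)))
    if seccomp != "filter":
        findings.append(f"seccomp mode is '{seccomp}' (expected 'filter')")
    if not no_new_privs:
        findings.append("NoNewPrivs is 0 (consider --security-opt no-new-privileges)")
    return {
        "caps": caps, "extra_caps": extra_caps, "missing_caps": missing_caps,
        "seccomp": seccomp, "no_new_privs": no_new_privs, "findings": findings,
    }


if __name__ == "__main__":
    for label, sample in (("default", SAMPLE_DEFAULT), ("privileged", SAMPLE_PRIVILEGED)):
        report = audit(sample)
        print(f"[{label}] {len(report['caps'])} caps, seccomp={report['seccomp']}")
        for finding in report["findings"]:
            print("  -", finding)
```

Run it against a real dump and the `--privileged` case stands out immediately: the mask widens from 14 capabilities to every capability the kernel knows about (`SYS_ADMIN`, `SYS_MODULE`, `SYS_PTRACE` and friends) and the seccomp mode drops to `disabled`, which is precisely the loss of layers the rest of this chapter is about.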