Docker Security

DockerCon 2016 is here, and this is the very first day, with workshops on various topics. I chose to attend the Docker Security workshop as I’m interested in seeing how Docker tackles some security challenges. This blog post contains my notes from the workshop. To talk about security, we first have to know how Docker works at a high level, so that we know what to secure. The workshop addresses that question early on.

Docker...root...root...Docker (a.k.a. the docker group is a backdoor)

While working with Docker-related stuff, whenever I use a volume mount to a subdir of my home dir, I always come across the issue of the container littering my home folder with folders with root:root permission, and then I have to sudo rm ... them. For example:

    docker run -d -v $(pwd)/data:/var/lib/mysql/data mysql

It always annoys me, but today it came to me like an epiphany that this is actually a pretty severe security vulnerability.