Improving Security of Docker Container The article is a great primer on fixing obvious vulnerabilities in the Docker image. Summary Use an unprivileged user. Remove all executables with setuid on. It will disallow the hacker to run an executable as root. Reference https://scene-si.org/2019/12/12/docker-images-and-security/
Tag: docker
How network work in docker-compose?
How network works in docker-compose? docker-compose creates a set of containers, brings them up along with a private network. The network is very interesting because a private network is essential to compose & test a microservice bases system. I found the post https://medium.com/@caysever/docker-compose-network-b86e424fad82 quite useful. Post Highlights docker-compose creates a default network, if no network is specified. The name of…
Why Docker is a Long Term Future for Platform?
What make Docker so popular and long-lasting? Container is essentially OS level virtualization. Each application gets illusion of its own OS, having almost absolute control over it. Another advantage is that host OS knows about the container processes and hence can share its resources among hosted containers. The concept of containers was started by FreeBSD, refined by Solaris and re-implemented…
Notes on Dockerfile and Build Cache
Dockerfile is an instruction set to set up a new container. It looks like a BASH script that serially runs all the mentioned commands. The commands are predefined by Dockerfile syntax. Unlike BASH script, Dockerfile runs and applies effects of a command to the output of the previous step. Each step of a Dockerfile creates, by default, a container which…
Docker: network unavailable on the container
Scenario Network connectivity is available on the host. Container is unable to make any out-connection. Look out for the following message: WARNING: IPv4 forwarding is disabled. Networking will not work. If the above message occur, just restart the host machine. It is most likely due to fresh docker installation on the host that needs a restart. Written with StackEdit.