-
|
It would most likely improve the security if the docker socket was accessed behind a proxy such as docker-socket-proxy |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments
-
|
I fear this will break the whole design of being able to start only one container that does the rest. Also I am not sure how big the gained security of this is because we would need to allow new containers to be created apart from other things which you would forbid usually when using this docker socker proxy, if I understand it correctly. In our case a potential hacker would then be able to simply launch another container with malware that mounts the docker socket and has whole root access on its own. Which would destory all security benefits that this container might bring in the first place. |
Beta Was this translation helpful? Give feedback.
-
|
You are probably right! I use it for the |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your answer! |
Beta Was this translation helpful? Give feedback.
Thanks for your answer!
Seems like we agree that it doesn't make much sense here.
Closing.