Docker Security

Docker contaniners share the kernel wth the machine they are running on.



If any of the containers starts using up more resources like CPU, RAM the other containers might run ino /do/s issue.



The attack can break out from a container into the host  machine or other containers.



Make sure that the images coming from dockerhub are from trusted sources.



You should be careful with what secrets you store in your containers.



You can use the commands:

docker network disconnect nh

nh is the name of the container. This will disconnect your containers from the network and they will be inaccessible.

docker diff

Docker diff will show you which files have been modified.

If you do not want external invalid/destructive files to modify your containersthen you can make your containers read-only



Specify --read-only option while running your container.