@Yapcheekian
Last active July 28, 2021 16:43
Docker security hardening
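docker run -it --rm -u 1000:1000 ubuntu /bin/bash # run as non-root user; a numeric UID:GID works without an account in the image (a name such as yap must exist in the image's /etc/passwd)

docker run -it --rm --security-opt=no-new-privileges ubuntu /bin/bash # processes cannot gain privileges through setuid/setgid binaries

docker run -it --rm --cap-drop all --cap-add NET_ADMIN ubuntu /bin/bash # drop all capabilities, then add back only what is needed (here NET_ADMIN)

docker run -it --rm --read-only --tmpfs /opt ubuntu /bin/bash # read-only root filesystem; /opt is a writable in-memory tmpfs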
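
To check whether containers were actually started with the four settings above, the output of docker inspect can be audited. The following is an added example, not part of the original gist: it is written in Python so it runs without a Docker daemon, the function names are hypothetical, and the sample JSON is constructed (trimmed to the fields checked).

```python
import json

# Constructed sample of `docker inspect <container>` output, trimmed to the
# fields checked below; not captured from a real host.
SAMPLE_INSPECT = """
[
  {"Name": "/hardened",
   "Config": {"User": "1000:1000"},
   "HostConfig": {"SecurityOpt": ["no-new-privileges"],
                  "CapDrop": ["ALL"], "ReadonlyRootfs": true}},
  {"Name": "/default",
   "Config": {"User": ""},
   "HostConfig": {"SecurityOpt": null, "CapDrop": null,
                  "ReadonlyRootfs": false}}
]
"""


def _caps(values):
    """Normalise capability names: upper-case, without the CAP_ prefix."""
    names = (v.upper() for v in (values or []))
    return {n[4:] if n.startswith("CAP_") else n for n in names}


def audit_container(entry):
    """Return the hardening findings for one `docker inspect` entry."""
    findings = []
    host = entry.get("HostConfig") or {}
    user = (entry.get("Config") or {}).get("User") or ""
    # Empty User: no -u was given and the image sets no USER, so it is root.
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("runs as root (no -u / USER)")
    # The option may be stored bare, as "...:true" or as "...=true".
    opts = [o.replace("=", ":").lower() for o in (host.get("SecurityOpt") or [])]
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
        findings.append("no-new-privileges not set")
    if "ALL" not in _caps(host.get("CapDrop")):
        findings.append("capabilities not dropped (--cap-drop all)")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable (--read-only)")
    return findings


def audit(inspect_json):
    """Map container name -> findings for a `docker inspect` JSON array."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e)
            for e in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "OK")
```

On a real host, the JSON produced by docker inspect for the running containers can be passed to audit() in place of the constructed sample.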

Docker network

docker network ls # bridge is the default mode

docker network inspect bridge # get subnet range

docker network create --driver bridge -o "com.docker.network.bridge.enable_icc"="false" test # create a custom network that disables inter-container communication (the option key is enable_icc)

docker run -it --rm --network test ubuntu /bin/bash