Well, hi everyone. The truth is that taking security and resource control into account when putting a container-based architecture into production requires a lot of reading, because by default a container is deployed with everything enabled. It can use all the memory, CPU, and disk access, and if you are not careful, the root user can even end up doing all the tasks. Obviously we have to avoid all that.
There is a lot to read, be advised! Thank you Bret Fisher.
Bret Fisher's security concerns
Secure computing mode (
AppArmor (Application Armor)
A Dockerfile sample showing how to use a non-root user.
Official guide on how to use the USER directive.
Container vulnerabilities database
Find and fix security vulnerabilities
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Threat detection for easier security policy management across containers
Content trust in Docker
Seccomp security profiles for Docker
AppArmor security profiles for Docker
Rootless mode (Experimental)
Experimenting with Rootless Docker
Hardening Docker daemon with Rootless mode
# Docker CE for Linux installation script (Rootless mode) https://get.docker.com/rootless
“Distroless” Docker Images