There are several steps we can take on the host to run containers more securely. First, though, we need to know a couple of things: almost all containers run as root inside the container, and using --privileged gives the container more capabilities than it may need.
I want to cover some of the features available in Docker that make our container environment more secure. I will talk about:
- How to sign and run signed containers
- How to isolate containers with a user namespace
- Use Linux capabilities to run your container
- Restrict syscalls when running your container (Seccomp security profiles for Docker)