by raesene9
3346 days ago
Yep, you can limit Docker in a number of ways to restrict what can be run in containers. Using user namespace support, root in a container is mapped to a non-root, high-UID user outside the container. You can also use cgroup support to limit the resources used by an individual container. There are quite a few recommendations in the Docker CIS security guide that can be helpful for locking down an installation: https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1...
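An added example, not part of the comment above: a small audit that checks the two controls it mentions, using trimmed `docker info` and `docker inspect` JSON plus an `/etc/subuid` line. All sample data, the `dockremap` range and the function names `host_uid` and `audit` are constructed for illustration.

```python
import json

# Constructed samples: an /etc/subuid line for the daemon's remap user, trimmed
# `docker info` output, and trimmed `docker inspect` output for two containers.
SUBUID = "dockremap:165536:65536\n"
INFO = {"SecurityOptions": ["name=seccomp,profile=default", "name=userns"]}
INSPECT = json.loads("""[
 {"Name": "/web", "HostConfig": {"Memory": 268435456, "NanoCpus": 500000000,
   "PidsLimit": 100, "UsernsMode": ""}},
 {"Name": "/batch", "HostConfig": {"Memory": 0, "NanoCpus": 0,
   "PidsLimit": null, "UsernsMode": "host"}}
]""")

def host_uid(subuid_text, user, container_uid):
    """Translate a container UID to the host UID via the user's subuid range."""
    for line in subuid_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 3 or parts[0] != user:
            continue
        start, count = int(parts[1]), int(parts[2])
        if 0 <= container_uid < count:
            return start + container_uid
    return None  # UID falls outside the mapped range

def audit(info, containers):
    """Return {container name: [findings]} for missing isolation or limits."""
    remap_on = any(o.startswith("name=userns") for o in info["SecurityOptions"])
    report = {}
    for c in containers:
        hc, findings = c["HostConfig"], []
        # --userns=host opts a container out of the daemon's remapping
        if not remap_on or hc.get("UsernsMode") == "host":
            findings.append("container root is host root (no userns remap)")
        if not hc.get("Memory"):  # 0 means unlimited
            findings.append("no memory limit")
        if not hc.get("NanoCpus") and not hc.get("CpuQuota"):
            findings.append("no CPU limit")
        if (hc.get("PidsLimit") or 0) <= 0:  # null, 0 or -1 mean unlimited
            findings.append("no pids limit")
        report[c["Name"].lstrip("/")] = findings
    return report

if __name__ == "__main__":
    print("container uid 0 -> host uid", host_uid(SUBUID, "dockremap", 0))
    print(json.dumps(audit(INFO, INSPECT), indent=2))
```

On a real host the inputs would come from `docker info --format '{{json .}}'` and `docker inspect` on the running containers.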