by s_ting765
354 days ago
Keep Docker. As long as you do not expose volumes back to the host system, it is reasonably safe (despite the misconceptions, it comes with good security defaults). If you want to further lock this down, there are many tools such as AppArmor and seccomp that you can add custom profiles with, but a good starting point would be:

    docker run --security-opt no-new-privileges --cap-drop ALL untrusted-image
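An added example, not part of the comment above: a Python audit of `docker inspect` output that reports containers missing the two flags from that command or mounting host paths. The sample JSON is constructed, and reading "volumes exposed back to the host" as bind mounts is an assumption of this example.

```python
import json

# Constructed `docker inspect` output, trimmed to the fields checked below.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/locked-down",
   "HostConfig": {"Privileged": false, "SecurityOpt": ["no-new-privileges"],
                  "CapDrop": ["ALL"], "CapAdd": null},
   "Mounts": []},
  {"Name": "/default-run",
   "HostConfig": {"Privileged": false, "SecurityOpt": null,
                  "CapDrop": null, "CapAdd": null},
   "Mounts": [{"Type": "bind", "Source": "/srv/data", "Destination": "/data", "RW": true}]},
  {"Name": "/named-volume",
   "HostConfig": {"Privileged": false, "SecurityOpt": ["no-new-privileges:true"],
                  "CapDrop": ["all"], "CapAdd": ["NET_BIND_SERVICE"]},
   "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/v/_data",
               "Destination": "/cache", "RW": true}]}
]
""")

def audit_container(c):
    """Return a list of findings for one `docker inspect` entry."""
    host = c.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged")
    opts = {o.lower() for o in (host.get("SecurityOpt") or [])}
    # Spellings accepted here for the flag as it may appear in SecurityOpt.
    if not opts & {"no-new-privileges", "no-new-privileges:true", "no-new-privileges=true"}:
        findings.append("no-new-privileges not set")
    drops = [d.upper() for d in (host.get("CapDrop") or [])]
    if "ALL" not in drops:
        findings.append("capabilities not dropped (no --cap-drop ALL)")
    for cap in host.get("CapAdd") or []:
        findings.append(f"capability added back: {cap}")
    for m in c.get("Mounts") or []:
        if m.get("Type") == "bind":  # host directory visible inside the container
            mode = "rw" if m.get("RW") else "ro"
            findings.append(f"host path mounted: {m.get('Source')} -> {m.get('Destination')} ({mode})")
    return findings

def audit(containers):
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

On a real host, feed it the output of `docker inspect $(docker ps -q)` in place of the constructed sample.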