[ams6110]

Why do I need to take any action to securely deply Docker containers? Why aren't they secure by default. What I should need to study is how to run them insecurely, should I have that need. Secure should be the default mode.

[kentonv]

Docker aims to run arbitrary off-the-shelf Linux apps (and even entire distros) with no modification. Such apps are largely authored to work in traditional environments where security is fairly ad hoc and requires fiddly user configuration. Although in many cases it would not be hard to adapt them to a uniform security model, any such requirement would mean that Docker would only support apps that have been "ported" to that model, which would make it a very different kind of platform not suited for the same use cases.

For an example of the opposite approach, look at Sandstorm.io. It forces apps to conform to a strict platform-defined security model where things are isolated "by default" and from there the user can use friendly UI to grant permissions as necessary. This means that currently there are only some 30 apps available on Sandstorm but they are (or will be, when Sandstorm reaches 1.0) "secure by default", or at least much more so than other platforms could claim.

(Disclosure: I'm the lead developer of Sandstorm.)

[akerl_]

This would be really great if security was a binary switch, but it's not. The most secure way for them to write Docker would be if, when started, it ran `shutdown -h now`. In the real world, designers of systems and software are required to make security decisions and determine the best course for providing security and usability.

I don't agree with several decisions that the Docker team has made, but to so grossly oversimplify the matter at hand is unhelpful.

[Zikes]

Security is not one size fits all, especially when a container can contain conceivably anything.