Security and isolation: Running non-root application in privileged-mode container
I read that Docker can be used as a security mechanism (to entirely isolate an application from the host system) as long as the application is not run with root privileges inside the Docker container.
I also read that if you run a container in privileged mode you basically give up any security/isolation benefits. Does this mean that even non-root apps run in privileged mode containers can be potentially harmful (security-wise) to the host system?
Low-level Docker experts’ answers appreciated!
One Solution collect form web for “Security and isolation: Running non-root application in privileged-mode container”
The security details are discussed in this article, which is quite useful. The newly-released Docker V1.2.0 allows you to restrict capabilities for privileged containers using the “–cap-drop” and “–cap-add” options.