Security and isolation: Running non-root application in privileged-mode container

I read that Docker can be used as a security mechanism (to entirely isolate an application from the host system) as long as the application is not run with root privileges inside the Docker container.

I also read that if you run a container in privileged mode you basically give up any security/isolation benefits. Does this mean that even non-root apps run in privileged mode containers can be potentially harmful (security-wise) to the host system?

Low-level Docker experts’ answers appreciated!

One solution collected from the web for “Security and isolation: Running non-root application in privileged-mode container”

    The security details are discussed in this article, which is quite useful. The newly-released Docker V1.2.0 allows you to restrict capabilities for privileged containers using the “--cap-drop” and “--cap-add” options.
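
To check what `--cap-drop` actually leaves a process with, the following added example (not part of the original answer) decodes the capability masks in `/proc/<pid>/status`. It reports the effective set and the bounding-set entries beyond Docker's default, which are what a setuid-root binary or file capabilities could still hand to a non-root process. The default mask reflects the 14 capabilities current Docker documentation lists (an assumption here), and both status samples are constructed.

```python
import re

# Capability names in bit order, from linux/capability.h (bit 0 = CAP_CHOWN).
CAPS = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW
IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT
SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE
AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM
BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE""".split()

# Assumption: bounding set of a default (non-privileged) Docker container.
DOCKER_DEFAULT = 0x00000000A80425FB

def cap_masks(status_text):
    """Parse the Cap* lines of /proc/<pid>/status into {field: int mask}."""
    return {m.group(1): int(m.group(2), 16) for m in
            re.finditer(r"^(Cap\w+):\s*([0-9a-fA-F]+)$", status_text, re.M)}

def names(mask):
    """Translate a capability bitmask into a list of CAP_* names."""
    return ["CAP_" + CAPS[b] if b < len(CAPS) else f"cap_{b}"
            for b in range(mask.bit_length()) if mask >> b & 1]

def audit(status_text):
    """Effective capabilities, plus bounding-set entries beyond the default."""
    m = cap_masks(status_text)
    return {"effective": names(m["CapEff"]),
            "bounding_beyond_default": names(m["CapBnd"] & ~DOCKER_DEFAULT)}

# Constructed sample: uid 1000 inside a --privileged container.
PRIVILEGED_NONROOT = """Uid:\t1000\t1000\t1000\t1000
CapInh:\t0000000000000000
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t0000003fffffffff
"""
# Constructed sample: uid 1000 inside a container started with default options.
DEFAULT_NONROOT = """Uid:\t1000\t1000\t1000\t1000
CapInh:\t0000000000000000
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t00000000a80425fb
"""

if __name__ == "__main__":
    print(audit(PRIVILEGED_NONROOT))
    print(audit(DEFAULT_NONROOT))
```

Inside a running container, `audit(open("/proc/self/status").read())` gives the same report for the current process.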
