How not to Docker

or why trusting the Internet is a bad idea

Don't run privileged

(unless you damn well know what you're doing)

Don't expose your socket

(to anything you don't really trust)

Don't use host network mode

(without being aware of the risks)

Know where code is FROM

(aka don't always trust the internet)

Don't forget your host

(or your updates)

Alistair Chapman


(essentially everywhere)