
So you have your Docker containers deployed, and they in turn host your organization's critical applications?

By default, Docker secures its containers with an auto-generated profile, docker-default. This profile, however, provides only moderate security at the application level, so it is highly recommended to implement a security profile through AppArmor, which works at the process/program level of an application.

AppArmor can be set as the default security profile on every boot by setting the following parameter on the kernel:

To load all AppArmor security profiles on boot, enable apparmor.service.

To check the list of correctly loaded AppArmor security profiles:

To display the current loaded status, use apparmor_status:

Above you can see the loaded profiles and processes with their respective statuses.
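The check above can be scripted. The following is an added example, not code from the original article: it parses a profile listing in the `name (mode)` format of /sys/kernel/security/apparmor/profiles and reports whether a given profile is loaded and enforcing. The sample listing and the profile name my-app-profile are constructed; reading the real file is assumed to need root and a mounted securityfs.

```shell
#!/bin/sh
# Added example: verify that an AppArmor profile is loaded in enforce mode.
# Listing format (one profile per line):  <profile name> (<mode>)

# Constructed sample listing, used when the real file cannot be read.
SAMPLE_PROFILES='docker-default (enforce)
/usr/sbin/tcpdump (enforce)
/usr/sbin/cupsd (complain)
my-app-profile (complain)'

# profile_mode NAME LISTING
# Prints the mode of NAME; returns 1 if NAME is not in the listing.
profile_mode() {
    printf '%s\n' "$2" | awk -v name="$1" '
        {
            mode = $NF                      # last field is "(mode)"
            line = $0
            sub(/ \([a-z]+\)$/, "", line)   # strip the mode, keep the name
            if (line == name) {
                gsub(/[()]/, "", mode)
                print mode
                found = 1
                exit
            }
        }
        END { exit found ? 0 : 1 }'
}

# check_enforced NAME LISTING
# Returns 0 = enforce, 1 = loaded but not enforcing, 2 = not loaded.
check_enforced() {
    mode=$(profile_mode "$1" "$2") || { echo "$1: NOT LOADED"; return 2; }
    if [ "$mode" = "enforce" ]; then
        echo "$1: enforce"
        return 0
    fi
    echo "$1: loaded, but in $mode mode"
    return 1
}

# Use the live listing when readable, otherwise the constructed sample.
PROFILES_FILE=/sys/kernel/security/apparmor/profiles
listing=$(cat "$PROFILES_FILE" 2>/dev/null) || listing=$SAMPLE_PROFILES

check_enforced docker-default "$listing" ||
    echo "docker-default is not enforcing; review container confinement"
```

A profile in complain mode only logs violations and does not block them, so a non-zero status for a container profile means that container is not actually confined.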
