There are four major areas to consider when reviewing Docker security:
- the intrinsic security of the kernel and its support for namespaces and cgroups;
- the attack surface of the Docker daemon itself;
- loopholes in the container configuration profile, either by default, or when customized by users;
- the “hardening” security features of the kernel and how they interact with containers.