mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Merge pull request #24782 from tonistiigi/load-sec

Update docker load security docs
Sebastiaan van Stijn 2016-07-19 09:06:27 +02:00 committed by GitHub
commit 5fe3e006e4

@ -120,13 +120,11 @@ certificates](https.md).
The daemon is also potentially vulnerable to other inputs, such as image The daemon is also potentially vulnerable to other inputs, such as image
loading from either disk with 'docker load', or from the network with loading from either disk with 'docker load', or from the network with
'docker pull'. This has been a focus of improvement in the community, 'docker pull'. As of Docker 1.3.2, images are now extracted in a chrooted
especially for 'pull' security. While these overlap, it should be noted subprocess on Linux/Unix platforms, being the first-step in a wider effort
that 'docker load' is a mechanism for backup and restore and is not toward privilege separation. As of Docker 1.10.0, all images are stored and
currently considered a secure mechanism for loading images. As of accessed by the cryptographic checksums of their contents, limiting the
Docker 1.3.2, images are now extracted in a chrooted subprocess on possibility of an attacker causing a collision with an existing image.
Linux/Unix platforms, being the first-step in a wider effort toward
privilege separation.
Eventually, it is expected that the Docker daemon will run restricted Eventually, it is expected that the Docker daemon will run restricted
privileges, delegating operations well-audited sub-processes, privileges, delegating operations well-audited sub-processes,
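
Review bot: In the rewritten paragraph, the new "As of Docker 1.10.0" sentence only claims protection against "an attacker causing a collision with an existing image", yet it takes the place of the warning that 'docker load' "is not currently considered a secure mechanism for loading images". A reader can come away thinking load is now safe for archives of unknown origin, and a content checksum identifies what was loaded, not who produced it. If the old warning no longer holds, state that explicitly and say why. If it still holds for untrusted tarballs, keep a one-sentence caveat next to the checksum statement. Two wording points while this paragraph is open: "being the first-step in a wider effort" reads better as "the first step in a wider effort", and the unchanged context "run restricted privileges, delegating operations well-audited sub-processes" is missing "with" and "to".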