kotovalexarian-likes-github
/
moby--moby
mirror of https://github.com/moby/moby.git
1
0
Fork 0
Code Releases Activity

Update docker load security docs 

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This commit is contained in:
Tonis Tiigi 2016-07-18 19:12:54 -07:00
parent e6a97db2c9
commit f17469e890
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/security/security.md
View File

@ -120,13 +120,11 @@ certificates](https.md).
The daemon is also potentially vulnerable to other inputs, such as image The daemon is also potentially vulnerable to other inputs, such as image
loading from either disk with 'docker load', or from the network with loading from either disk with 'docker load', or from the network with
'docker pull'. This has been a focus of improvement in the community, 'docker pull'. As of Docker 1.3.2, images are now extracted in a chrooted
especially for 'pull' security. While these overlap, it should be noted subprocess on Linux/Unix platforms, being the first-step in a wider effort
that 'docker load' is a mechanism for backup and restore and is not toward privilege separation. As of Docker 1.10.0, all images are stored and
currently considered a secure mechanism for loading images. As of accessed by the cryptographic checksums of their contents, limiting the
Docker 1.3.2, images are now extracted in a chrooted subprocess on possibility of an attacker causing a collision with an existing image.
Linux/Unix platforms, being the first-step in a wider effort toward
privilege separation.
Eventually, it is expected that the Docker daemon will run restricted Eventually, it is expected that the Docker daemon will run restricted
privileges, delegating operations well-audited sub-processes, privileges, delegating operations well-audited sub-processes,