https://www.chenk.top/en/tags/devsecops/Recent content in DevSecOps on Chen Kai BlogHugoenThu, 22 Jun 2023 09:00:00 +0000https://www.chenk.top/en/docker-containers/07-security-and-best-practices/Thu, 22 Jun 2023 09:00:00 +0000https://www.chenk.top/en/docker-containers/07-security-and-best-practices/<p>Docker&rsquo;s default configuration prioritizes convenience over security. Containers run as root, have access to a broad set of Linux capabilities, and can write to their entire filesystem. This is fine for development but dangerous for production. A container escape vulnerability in a root-privileged container means an attacker can take over the host. Let&rsquo;s fix that.</p> <hr> <h2 id="the-threat-model" class="heading-anchor">The Threat Model<a href="#the-threat-model" class="heading-link" aria-label="Permalink to this section" title="Copy link to this section">#</a> </h2><p>Before securing your setup, understand what you&rsquo;re defending against:</p>