I am going through compliance tasks to harden our Docker setup and I am seeing many things like

  • Favor using docker run with docker run --pids-limit 100 to prevent forkbombs
  • Favor using docker run with docker run --security-opt=no-new-privileges to be safe

etc...

I want to know if I can apply these settings across the board by, say, putting

...
"pids-limit": "100",
"security-opt": "no-new-privileges",
...

in /etc/docker/daemon.json

I prefer to just have a hardened config on all my machines I am hardening.

Tips and tricks?

Thanks.

David West

1 Answer

Check out the dockerd options. This will apply to all containers managed by the Docker Daemon.

Docker also has quite a bit of documentation on how to enforce different standards and compliance here.

Wesley Rolnick
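
An added example, not part of the question or the answer above: a small audit that reports which containers lack the two settings from the question, reading `docker inspect` JSON (`HostConfig.PidsLimit`, `HostConfig.SecurityOpt`) and dockerd's `no-new-privileges` key from daemon.json. The function names and sample data are constructed for illustration, and treating the daemon-wide key as the default for containers that do not set the option themselves is an assumption of this example.

```python
import json

# Constructed sample: trimmed `docker inspect` output for three containers.
SAMPLE_INSPECT = """[
 {"Name": "/web", "HostConfig": {"PidsLimit": 100, "SecurityOpt": ["no-new-privileges"]}},
 {"Name": "/batch", "HostConfig": {"PidsLimit": null, "SecurityOpt": null}},
 {"Name": "/legacy", "HostConfig": {"PidsLimit": 0, "SecurityOpt": ["no-new-privileges:false"]}}
]"""
# Constructed sample daemon.json using dockerd's "no-new-privileges" key.
SAMPLE_DAEMON_JSON = '{"no-new-privileges": true}'


def explicit_nnp(security_opts):
    """Return True/False if the container sets no-new-privileges, else None."""
    for opt in security_opts or []:
        # Docker accepts "name", "name:value" and "name=value" spellings.
        name, _, value = opt.replace("=", ":", 1).partition(":")
        if name == "no-new-privileges":
            return value.lower() not in ("false", "0", "f")
    return None


def audit(inspect_json, daemon_json="{}", max_pids=100):
    """List (container, setting, observed value) for every missing hardening option."""
    # Assumption: the daemon-wide key is the default when a container is silent.
    daemon_nnp = json.loads(daemon_json).get("no-new-privileges") is True
    findings = []
    for container in json.loads(inspect_json):
        host = container.get("HostConfig") or {}
        name = container.get("Name", "?").lstrip("/")
        pids = host.get("PidsLimit")
        # null, 0 and negative values are treated as "no limit" by this check.
        if pids is None or pids <= 0 or pids > max_pids:
            findings.append((name, "pids-limit", pids))
        nnp = explicit_nnp(host.get("SecurityOpt"))
        if not (daemon_nnp if nnp is None else nnp):
            findings.append((name, "no-new-privileges", host.get("SecurityOpt")))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INSPECT, SAMPLE_DAEMON_JSON):
        print(finding)
```

To run it against a real host, pass the output of `docker inspect $(docker ps -q)` and the contents of /etc/docker/daemon.json in place of the samples.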