Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
@@ -120,13 +120,11 @@ certificates](https.md). |
| 120 | 120 |
|
| 121 | 121 |
The daemon is also potentially vulnerable to other inputs, such as image |
| 122 | 122 |
loading from either disk with 'docker load', or from the network with |
| 123 |
-'docker pull'. This has been a focus of improvement in the community, |
|
| 124 |
-especially for 'pull' security. While these overlap, it should be noted |
|
| 125 |
-that 'docker load' is a mechanism for backup and restore and is not |
|
| 126 |
-currently considered a secure mechanism for loading images. As of |
|
| 127 |
-Docker 1.3.2, images are now extracted in a chrooted subprocess on |
|
| 128 |
-Linux/Unix platforms, being the first-step in a wider effort toward |
|
| 129 |
-privilege separation. |
|
| 123 |
+'docker pull'. As of Docker 1.3.2, images are now extracted in a chrooted |
|
| 124 |
+subprocess on Linux/Unix platforms, being the first-step in a wider effort |
|
| 125 |
+toward privilege separation. As of Docker 1.10.0, all images are stored and |
|
| 126 |
+accessed by the cryptographic checksums of their contents, limiting the |
|
| 127 |
+possibility of an attacker causing a collision with an existing image. |
|
| 130 | 128 |
|
| 131 | 129 |
Eventually, it is expected that the Docker daemon will run restricted |
| 132 | 130 |
privileges, delegating operations well-audited sub-processes, |
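Review bot: the replacement text drops the warning that 'docker load' is a backup/restore mechanism and "is not currently considered a secure mechanism for loading images" without saying whether that still holds; the new sentence claims that, as of 1.10.0, "all images are stored and accessed by the cryptographic checksums of their contents", so either state explicitly that this also applies to images loaded from disk with 'docker load', or keep the caveat so readers are not left to infer that 'load' is now as safe as 'pull'. Two smaller points in the new lines: "first-step" should read "first step", and "causing a collision with an existing image" would be clearer as a description of what the checksum addressing prevents (substituting different content under an existing image identity) rather than the bare word "collision". Pre-existing, but worth fixing while this paragraph is touched: the unchanged context "will run restricted privileges, delegating operations well-audited sub-processes" is missing "with" and "to".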