Add "Run the Docker daemon as a non-root user (Rootless mode)": `engine/security/rootless.md`

The content is based on https://github.com/moby/moby/blob/master/docs/rootless.md

`rootless.md` in `moby/moby` will be replaced with the link to the `docs.docker.com` page compiled from `rootless.md` in this repo.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
| description | keywords | title | redirect_from |
|---|---|---|---|
| Sec | seccomp, security, docker, documentation | Secure Engine | |

This section discusses the security features you can configure and use within your Docker Engine installation.
- You can configure Docker's trust features so that your users can push and pull trusted images. To learn how to do this, see Use trusted images in this section.
- You can protect the Docker daemon socket and ensure only trusted Docker client connections. For more information, see Protect the Docker daemon socket.
- You can use certificate-based client-server authentication to verify a Docker daemon has the rights to access images on a registry. For more information, see Using certificates for repository client verification.
- You can configure secure computing mode (Seccomp) policies to secure system calls in a container. For more information, see Seccomp security profiles for Docker.
- An AppArmor profile for Docker is installed with the official .deb packages. For information about this profile and overriding it, see AppArmor security profiles for Docker.
- You can map the root user in the containers to a non-root user. See Isolate containers with a user namespace.
- You can also run the Docker daemon as a non-root user. See Run the Docker daemon as a non-root user (Rootless mode).