Docker Community Forums

How can a per-connection docker sandbox instance be securely encapsulated?

(Jlettvin) #1

I have written a custom wiki which may arbitrarily call any Linux app as a backend, such as gnuplot, Graphviz, Python, PHP, Node.js, or even a custom program.

Clearly this can be used for security breach injection if care is not taken. My question is: can Docker provide enough security for a small trusted group? If so, can someone familiar with Docker show me working examples, or point me in a useful direction?

My prototype wiki is not secure, and it would be easy to crash or take over the host server. Would launching a per-connection Docker instance, having a rich Linux app set, be able to provide an unbreachable wall between the app execution environment and the host server?

The goal is to have lightweight throwaway machines capable of performing heavyweight operations in a sandbox.

I am new to Docker, and only getting started. Advice is welcome.
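
A sketch of the per-connection throwaway container the post describes, as an added example that is not part of the original post: each request gets a fresh `docker run` with the network, capabilities, root filesystem and resources locked down. The image names, the `BACKENDS` allow-list and the function names are assumptions; containers share the host kernel, so these flags narrow the exposure rather than make the wall unbreachable.

```python
import subprocess
import uuid

# Hypothetical allow-list: wiki backend name -> (image, argv inside the container).
# Image names are constructed placeholders for images you build yourself.
BACKENDS = {
    "gnuplot": ("wiki-sandbox/gnuplot:latest", ["gnuplot"]),
    "graphviz": ("wiki-sandbox/graphviz:latest", ["dot", "-Tsvg"]),
    "python": ("wiki-sandbox/python:latest", ["python3", "-"]),
}

def build_sandbox_argv(backend, name, memory="256m", cpus="0.5", pids=64):
    """Return the `docker run` argv for one throwaway, locked-down container."""
    if backend not in BACKENDS:          # never use wiki text as a program name
        raise ValueError(f"backend not allowed: {backend!r}")
    image, inner = BACKENDS[backend]
    return [
        "docker", "run",
        "--rm", "--name", name,              # delete the container on exit
        "-i",                                # wiki input arrives on stdin only
        "--network", "none",                 # no network access
        "--read-only",                       # immutable root filesystem
        "--tmpfs", "/tmp:rw,noexec,nosuid,size=16m",  # small scratch space
        "--cap-drop", "ALL",                 # no Linux capabilities
        "--security-opt", "no-new-privileges",
        "--user", "65534:65534",             # run as nobody, not root
        "--memory", memory, "--cpus", cpus,
        "--pids-limit", str(pids),           # contain fork bombs
        image, *inner,
    ]

def run_in_sandbox(backend, source, timeout=10):
    """Feed wiki-supplied source to the backend; return (exit code, stdout)."""
    name = f"wiki-{uuid.uuid4().hex}"
    argv = build_sandbox_argv(backend, name)
    try:
        proc = subprocess.run(argv, input=source.encode(),
                              capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        # Killing the docker client does not stop the container; kill it by name.
        subprocess.run(["docker", "kill", name], capture_output=True)
        raise
    return proc.returncode, proc.stdout
```

No host directory and no Docker socket is mounted into the container, and user input never reaches a shell on the host because the command is passed as an argv list.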