How can a per-connection docker sandbox instance be securely encapsulated?

jlettvin · March 7, 2016, 12:33pm

I have written a custom wiki which may arbitrarily call any linux app as a backend such as gnuplot, graphviz, python, PHP, node.js, or even a custom program.

Clearly this can be used for security breach injection if care is not taken. My question is “can docker provide enough security for a small trusted group?”. If so, can someone familiar with docker show me working examples, or point me in a useful direction?

My prototype wiki is not secure, and it would be easy to crash or take over the host server. Would launching a per-connection docker instance, having a rich linux app set, be able to provide an unbreachable wall between the app execution environment and the host server?

The goal is to have lightweight throwaway machines capable of performing heavyweight operations in a sandbox.

I am new to docker, and only getting started. Advice is welcome.

Topic		Replies	Views
Is Docker Secure Enough? General security	2	862	February 15, 2017
Docker Security General security , docker	0	1163	May 19, 2016
Hey, I'm planning to use Docker for a large project, little concerned about security, can you help? General security	7	2777	January 31, 2017
Docker with Web Server and Database Server General dockerhub , dockersecurityscan , security , docker	3	15906	June 8, 2016
New to Docker. If I have a docker container running on my machine, say MySQL, do I need to have a secure password? Docker Hub	0	297	September 29, 2020

How can a per-connection docker sandbox instance be securely encapsulated?

Related topics