All articles tagged with #docker
Three critical vulnerabilities in the runC container runtime used by Docker and Kubernetes could allow attackers to escape containers and gain root access to host systems. While no active exploits have been reported, mitigation strategies include enabling user namespaces and using rootless containers. Fixes are available in recent runC versions.
The article advocates for self-hosting personal and small business services, emphasizing that most projects don't require cloud scale and can be managed on a well-secured VPS with proper setup, backups, and security measures. It discusses the trade-offs between self-hosting and managed services, highlighting security concerns, the importance of backups, and the practicality of using tools like Docker, Kubernetes, and reverse proxies. The author also touches on the challenges of email hosting, security risks, and the value of control and portability in self-hosted environments.
Docker has released version 4.44.3 to fix a critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS that could allow attackers to escape containers and gain full host access, with a CVSS score of 9.3. The flaw stems from unauthenticated access to the Docker Engine API, enabling malicious containers to compromise the host system, especially on Windows, while Linux remains unaffected.
Businesses can run penetration testing using Kali Linux as a Docker container, eliminating the need for a full operating system installation. By deploying Kali Linux as a Docker container, security staff or administrators can easily access a headless container and utilize the wide range of pen-testing tools available. The process involves installing Docker, pulling the Kali Linux image, deploying the container, and installing the necessary pen-testing tools. The resulting container can be saved and reused for future testing, making it a flexible and efficient method for conducting penetration testing.
This article explains how to share data between two Docker containers using volumes. It provides step-by-step instructions for installing Docker on Ubuntu Server and demonstrates the basic sharing of data between two containers. It also shows how to share a data volume between two NGINX containers, allowing them to serve different content. The article highlights the versatility and potential applications of data sharing in Docker containers.
DockSTARTer is a terminal application that simplifies the deployment of containerized applications for those new to Docker. It guides users through the deployment process via an easy-to-navigate menu system, allowing for customization of configurations. The app is not exhaustive in its list of available applications, but it is a great tool for learning the ins and outs of Docker deployment. The installation process for DockSTARTer is straightforward and requires the installation of Docker and Docker Compose.
Bitwarden, a popular password manager, can be deployed on-premises with Docker for added security. The process is easy and requires a running instance of an operating system that supports Docker, a user with sudo privileges, and an SMTP server. The installation process involves running a script and configuring environment variables for the SMTP server. It is crucial to use an SSL certificate for Bitwarden to function properly. Once installed, users can create accounts and enjoy added privacy for their sensitive data.