re: Docker: Restricting in- and outbound network traffic

re: I don't think this is a safe approach, because your container by default runs as root (I mean root as host and container). Anyone who can access your ...
 

Thanks for your reply.

Drop your privilege when launching container

Exactly. That is the reason why the actual application is running as a non-privileged user within the container. The post is pretty old and there are better ways on the orchestration layer nowadays, but the key idea is to isolate network traffic within the container.
