Docker vs VM

Docker security enhancements arrive in 1.4.0 and 1.3.3 releases

Coman Hamilton
Docker creator Solomon Hykes presents new features at the European Docker Conference. © Joni Israeli / Docker

Docker is struggling to get past the issue of security, while classicists claim that containers are inherently less secure than the virtual machine.

Throughout its stellar rise in the past 20 months, there’s been one issue that has constantly plagued Docker – the same issue that nags at every new technology: security.

Earlier this year, it emerged that older versions of the container technology (up to 1.3.1) were vulnerable to malicious code that could assume unassigned privileges with the host server.

Meanwhile, Docker-sceptics have argued that the traditional alternative of the virtual machine offers more security because it’s more self-contained than Docker containers. Although the company security page claims that containers are “quite secure”, Docker had itself previously stated that their system is safest when only containers from one owner are run on the same host.

Following a round of security updates in version 1.3, Docker has now announced another set of improvements to its still-young container technology at the European Docker Conference in Amsterdam.

More security for containers

Docker has closed three critical security holes in version 1.3.3 of its Docker Engine. Since 1.3.2, malicious Docker files, images and registries could compromise a Docker host in order to manipulate images or to replace official repository images. One of these “allowed malicious images or builds from malicious Dockerfiles to write files to the host system and escape containerization, leading to privilege escalation,” Docker explained.

These fixes are also part of the simultaneously released Docker 1.4. Focusing mostly on bug fixes and improved stability, this version combines more than 180 commits and even adds a few small features. One of these is the new Overlay Filesystem, an “experimental” storage driver that offers an alternative to the “Root” subdirectory (a plain filesystem hierarchy) that all Docker images have.

SEE ALSO: Docker announces enterprise expansion amid news of CoreOS competition

Docker clearly recognises its struggle with security and has outlined a number of measures, such as external security auditing, that the company is taking to test its system.

As we grow, we will continue our investment in our security team, contributions, tooling and processes. This investment will make Docker safer, helping it become a secure and trusted partner for our users.

Docker has already won over a number of clients to its new Docker Hub Enterprise offering, yet many interested enterprises may still be holding off on a switch to Docker until the technology has a proven track record in security.

Coman Hamilton
Coman was Editor of at S&S Media Group. He has a master's degree in cultural studies and has written and edited content for numerous news, tech and culture websites and magazines, as well as several ad agencies.

Inline Feedbacks
View all comments