Disable certain Docker run options
As mentioned in issue 22223
There are a whole lot of ways in which users can elevate privileges through docker run, eg by using
--privileged
.
You can stop this by:
- either not directly providing access to the daemon in production, and using scripts,
(which is not what you want here)
- or by using an auth plugin to disallow some options.
That is:
dockerd --authorization-plugin=plugin1
Which can lead to: