This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/Red_Con_ on 2025-02-23 21:18:46+00:00.
Hey,
I would like to tighten up the security of my Docker containers. The issue is that I feel like most beginner guides just show you the most basic way to start up a container without having security in mind, and the more security-oriented guides are aimed at advanced users, so they skim over steps that are important for beginners.
Let’s take a couple of examples from the commonly mentioned OWASP cheatsheet:
- Rule #3 says that you should only grant the necessary capabilities, but how do I know what capabilities each container needs?
- Rule #6 tells you to use a Linux security module, but there is no further info outside of links to the docs, which are honestly not understandable to me as a beginner.
- Rule #11 tells you to run Docker in rootless mode, and while it mentions potential downsides via the Docker docs, they are not exactly comprehensible for a less experienced person (or at least for me).
I’m also missing potential implications of messing with these settings because tightening security can easily lead to e.g. permission errors in my opinion. I personally don’t have an issue with doing my own research as well but I feel like each rule in the cheatsheet can take you down its own rabbit hole and this way it gets too overwhelming for someone who is just starting out and only wants to spin up a couple of containers.
I’ve also seen Podman mentioned quite often (even the OWASP cheatsheet mentions it) as a secure alternative to Docker. I’d prefer to stay with Docker since most guides are Docker-oriented, but when I see how complicated securing Docker is, I’m wondering whether it wouldn’t be easier to just switch.
So as the title states, I’d like to know whether there are any beginner-friendly guides for securing Docker containers according to best practices, or whether I should switch to Podman, which should be more secure out of the box.
Thanks!
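For the capability question in the post (OWASP rule #3), the check a practitioner actually runs is to read the `CapEff` line from `/proc/1/status` inside the container and decode the bitmask, then compare it with the set you meant to grant. The script below is an added example, not code from the post, the OWASP cheat sheet or Docker; it is plain POSIX sh and runs offline. The two sample masks are constructed inputs: `00000000a80425fb` encodes Docker's documented default capability set for a root container, and `0000000000000400` is the single bit left after `--cap-drop ALL --cap-add NET_BIND_SERVICE`. The container name `web` and the `docker run` line in the trailing comment are illustrative.

```shell
#!/bin/sh
# Added example (not from the OWASP cheat sheet or the Docker docs): decode the
# CapEff bitmask the kernel reports in /proc/<pid>/status, so you can see which
# capabilities a container really holds and which go beyond what you intended.
# Pure POSIX sh; the demo at the bottom needs no Docker.

# Capability names in bit order, from <linux/capability.h> (bit 0 = CAP_CHOWN).
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid \
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw \
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct \
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease \
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm \
block_suspend audit_read perfmon bpf checkpoint_restore"

# decode_caps HEXMASK -> space-separated cap_* names, lowest bit first.
# HEXMASK is the value after "CapEff:" (e.g. 00000000a80425fb).
# Bits above the table (capabilities newer than this list) are ignored.
decode_caps() {
    capmask=$((0x$1))
    capbit=0
    capout=""
    for capname in $CAP_NAMES; do
        if [ $(( (capmask >> capbit) & 1 )) -eq 1 ]; then
            capout="$capout cap_$capname"
        fi
        capbit=$((capbit + 1))
    done
    printf '%s\n' "${capout# }"
}

# unexpected_caps HEXMASK [cap_name ...] -> the caps present in HEXMASK that
# are NOT in the allow list. Empty output means nothing beyond what you meant.
unexpected_caps() {
    hexmask=$1
    shift
    allowed=" $* "
    extra=""
    for cap in $(decode_caps "$hexmask"); do
        case "$allowed" in
            *" $cap "*) ;;                 # explicitly allowed
            *) extra="$extra $cap" ;;      # held but not on the list
        esac
    done
    printf '%s\n' "${extra# }"
}

# Constructed sample masks (not captured from a live host):
#   00000000a80425fb encodes Docker's default capability set for a root
#                    container (chown, dac_override, fowner, ... , setfcap)
#   0000000000000400 is bit 10 only, i.e. what remains after
#                    --cap-drop ALL --cap-add NET_BIND_SERVICE
DEFAULT_MASK=00000000a80425fb
WEBSERVER_MASK=0000000000000400

echo "Docker default:              $(decode_caps "$DEFAULT_MASK")"
echo "drop ALL + NET_BIND_SERVICE: $(decode_caps "$WEBSERVER_MASK")"
echo "in the default set but not needed by a web server:"
echo "  $(unexpected_caps "$DEFAULT_MASK" cap_net_bind_service)"

# Against a live container (needs Docker; not executed here; 'web' is a
# hypothetical container name):
#   mask=$(docker exec web sed -n 's/^CapEff:[[:space:]]*//p' /proc/1/status)
#   unexpected_caps "$mask" cap_net_bind_service
# An illustrative hardened start that yields the second mask above:
#   docker run --cap-drop ALL --cap-add NET_BIND_SERVICE \
#       --security-opt no-new-privileges:true --read-only \
#       --tmpfs /var/cache/nginx --tmpfs /var/run -p 80:80 nginx
# The tmpfs mounts are the usual fix for the permission errors that
# --read-only causes when an image writes to those paths.
```

The way to answer "which capabilities does this container need" in practice is the reverse of the decoder: start from `--cap-drop ALL`, run the workload, and add back only the capability named in the resulting `Operation not permitted` errors (binding a port below 1024 wants `NET_BIND_SERVICE`, `chown` in an entrypoint wants `CHOWN`, and so on), then confirm with the decoder that nothing else crept in. One caveat: if the container runs as a non-root user, `CapEff` is normally all zeros even when Docker's full default set is still in the bounding set, so check the `CapBnd` line the same way to see what a setuid binary inside the container could regain.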