Is it safe to trust a Docker container?

At the moment there is no way to easily work out whether to trust specific docker containers. There are base containers provided by Docker and OS providers which they call "trusted" but the software lacks good mechanisms as yet (e.g. digital signing) to check that images haven't been tampered with.

For clarification to quote the recently released CIS security standard for docker section 4.2

Official repositories are Docker images curated and optimized by the Docker community or the vendor. But,the Docker container image signing and verification feature is not yet ready.

Hence, the Docker engine does not verify the provenance of the container images by itself.

You should thus exercise a great deal of caution when obtaining container images.

When you get into the world of general 3rd party containers from Docker hub, the picture is even trickier. AFAIK docker do no checking of other peoples container files, so there's a number of potential problems

  • The container contains actual malware. Is this likely, no one knows. Is it possible, yes.
  • The container contains insecure software. Dockerfiles are basically like batch scripts that build a machine. I've seen several that do things like download files over unencrypted HTTP connections and then run them as root in the container. For me that's not a good way to get a secure container
  • The container sets an insecure settings. Docker is all about automating set-up of software which means that you are, to an extent, trusting all the people who made the dockerfiles to have configured them as securely as you would have liked them to.

Of course you could audit all the dockerfiles, but then once you've done that you'd almost have been better just configuring the thing yourself !

As to whether this is "worth the risk", I'm afraid that's a decision only you can really make. You are trading off the time needed to develop and maintain your own images, against the increased risks that someone involved in the production of the software you download will either be malicious or have made a mistake with regards to the security of the system.

Trust it as much as any unsigned code that you run on your systems. Containers are just processes with some extra namespace protections on them, so that's all the protections they get. They still talk to the same kernel underneath.

It's best to consider a Docker container to be the same as running an application on the host system. There are some attempts to lock down the Docker daemon by removing Linux Kernel capabilities, but this is not really a guarantee. If you do run Docker, there are a few things you can do to help mitigate some of this risk.

  • SELinux - Enabling this will automatically generate an MCS label for each container, limiting its ability to do damage.
  • Read-Only - You can also mark the container read-only which can allow you make large portions of the container's image read-only, which can make it harder for an attacker to deploy malware.
  • Self-Hosted Registry - To reduce the risk of image tampering, loading malicious containers, leaking secrets, or otherwise putting yourself at risk you can host a registry internally. is an example of one which sits on top of S3, though there are other options as well.