Summary

In this chapter, we took a deep dive into Docker security, starting with an overview of cgroups and kernel namespaces. We also went over some aspects of filesystems and Linux capabilities, which containers leverage to provide more features, such as privileged containers, at the cost of greater exposure to threats. We saw how containers can be deployed in a secured environment in AWS ECS (EC2 Container Service), using proxy containers to restrict vulnerable traffic. AppArmor provides kernel-enhancement features that confine applications to a limited set of resources, and applying them to Docker containers helps us deploy those containers in a secured environment. Finally, we took a quick look at Docker security benchmarks and some of the important recommendations to follow when auditing and deploying Docker in a production environment.

In the next chapter, we will learn about tuning and troubleshooting in the Docker network using various tools.
