The Docker Engine efficiently protects containers from malicious activities by leveraging the resource isolation and control techniques mentioned earlier. Nonetheless, Docker exposes a few potential security threats because the Docker daemon runs with root privilege. In this section, we list a few security risks and the best practices to mitigate them.
Another important principle to adhere to is least privilege. Each process within a container has to run with the minimal access rights and resources it needs to deliver its function. The advantage is that if a container gets compromised, the other resources and data are spared from further attacks.
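One way to check running containers against the least-privilege principle described above is to audit the fields that `docker inspect` reports. The following is an added example, not code from the original text; the set of checks is an assumed policy, and the sample input is constructed to mirror the shape of `docker inspect` output.

```python
import json

# Constructed sample shaped like `docker inspect` output (only the fields checked).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web-default",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"], "CapDrop": null,
                  "Memory": 0, "PidsLimit": null, "ReadonlyRootfs": false}},
  {"Name": "/web-hardened",
   "Config": {"User": "10001:10001"},
   "HostConfig": {"Privileged": false, "CapAdd": null, "CapDrop": ["ALL"],
                  "Memory": 268435456, "PidsLimit": 100, "ReadonlyRootfs": true}}
]
""")


def runs_as_root(user):
    """An empty User means the image default, which is root unless the image sets USER."""
    uid = (user or "").split(":")[0]
    return uid in ("", "0", "root")


def audit_container(c):
    """Return a list of least-privilege findings for one inspected container."""
    cfg, host = c.get("Config", {}), c.get("HostConfig", {})
    findings = []
    if runs_as_root(cfg.get("User")):
        findings.append("process runs as root")
    if host.get("Privileged"):
        findings.append("privileged mode enabled")
    if host.get("CapAdd"):
        findings.append("extra capabilities: " + ",".join(host["CapAdd"]))
    # Assumed strict policy: expect --cap-drop=ALL, then add back only what is needed.
    if "ALL" not in [cap.upper() for cap in (host.get("CapDrop") or [])]:
        findings.append("default capabilities not dropped")
    if not host.get("Memory"):  # 0 means unlimited
        findings.append("no memory limit")
    if (host.get("PidsLimit") or 0) <= 0:  # null, 0 and -1 all mean unlimited
        findings.append("no pids limit")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    return findings


def audit(containers):
    """Map container name to its findings; an empty list means the policy is met."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

To audit a live host, replace the constructed sample with the JSON produced by `docker inspect $(docker ps -q)`.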