
I have developed a solution based around Docker and the Docker API. Now, I am trying to make it as secure as possible. I have enabled TLS and have configured my own Docker Registry to help reduce the risk of unwanted images and unauthorized access. Furthermore, I have enabled SELinux and am using IPTables to ensure only the clients I want can access the Docker API.

Firstly, I can assume the Docker host is fully secure. While that might not be the case in reality, it is not the problem I want to deal with at the moment.

The concern I have been presented with has to do with the approved clients, and their ability to do pretty much anything if hacked into. So, if the client is compromised, so are the client keys. A hacker in that scenario could issue Docker API requests to build images (from provided tar), start images and anything else on my Docker host. My task is to try to prevent this.

One thought I had was to somehow allow Docker API to only start an approved set of images. If there is a way to do this, however, I cannot find it.

Another idea was to prevent Docker API from building images at all. Again, if there is a way to do that, I cannot find it.

So, I may get pinged for not asking a direct enough question, however...

Any suggestions on how I can limit the allowable functionality of a Docker API client?

Thank you for any ideas. I am running Docker 1.8.2 on CentOS 7.

Wanderer

1 Answer


There is a pending plugin capability to Docker that will provide this support. Specifically, I have to upgrade to Docker 1.10, and then begin using the plugin provided by these guys: https://github.com/twistlock/authz.

I had some trouble getting it to work, and the functionality is still pretty raw, but looks very promising. Just have to wait for a few capabilities.

A pretty good blog on it is here as well: https://sreeninet.wordpress.com/2016/03/06/docker-security-part-3engine-access/

Wanderer
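The kind of decision an authorization plugin makes for the two restrictions asked about (no builds, only approved images), as an added example; it is not code from the twistlock/authz project or from the posts above. The `Authorize` function, the allowlist contents and the set of permitted endpoints are assumptions chosen for illustration; the request and response fields follow Docker's authorization plugin protocol.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Request holds fields of the JSON the Docker daemon POSTs to /AuthZPlugin.AuthZReq.
type Request struct {
	RequestMethod string
	RequestURI    string `json:"RequestUri"`
	RequestBody   []byte // base64-encoded in the JSON
}

// Response is the plugin's reply; Allow=false makes the daemon refuse the call.
type Response struct {
	Allow bool
	Msg   string
}

// Constructed allowlist; the registry host and tag are hypothetical.
var approvedImages = map[string]bool{"registry.example.internal/app:1.4": true}

var (
	route     = regexp.MustCompile(`^(?:/v[0-9.]+)?(/[^?]*)(?:\?.*)?$`) // drops /vX.Y and query
	lifecycle = regexp.MustCompile(`^/containers/[^/]+/(start|stop)$`)
)

// Authorize is default-deny: build, pull, exec and anything else unlisted is refused.
func Authorize(r Request) Response {
	path := route.ReplaceAllString(r.RequestURI, "$1")
	switch {
	case r.RequestMethod == "GET" && path == "/containers/json",
		r.RequestMethod == "POST" && lifecycle.MatchString(path):
		return Response{Allow: true}
	case r.RequestMethod == "POST" && path == "/containers/create":
		var body struct{ Image string }
		if json.Unmarshal(r.RequestBody, &body) != nil || !approvedImages[body.Image] {
			return Response{Msg: fmt.Sprintf("image %q is not approved", body.Image)}
		}
		return Response{Allow: true}
	}
	return Response{Msg: "denied by default: " + r.RequestMethod + " " + path}
}

func main() { // constructed request: a build attempt with stolen client keys
	fmt.Printf("%+v\n", Authorize(Request{RequestMethod: "POST", RequestURI: "/v1.22/build?t=x"}))
}
```

The image is fixed when the container is created, so the allowlist is enforced on `/containers/create`; `start` only acts on containers that already exist on the host.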