
Improving security in Docker is perhaps the main challenge of this technology for 2020.

The original idea behind Docker containers was to make the best use of Linux features for performance and for managing the minimum set of resources a workload requires. That is why their initial design was built on a collection of performance-focused kernel features, with no particular emphasis on security.

After several security incidents reported throughout 2019, the evolution of Docker is oriented toward taking advantage of all the functionality offered by the new Linux Kernel 5.0 releases, and especially the features that improve security.

The integration of Cgroups v2, for example, will give Docker better isolation and resource management capabilities.

Managing different types of workloads, particularly workloads that require a degree of persistence, is also one of the main challenges in the evolution of this technology. The Internet of Things (IoT), together with workloads running on small devices and in industrial environments, will be an important use case for Docker by 2020.

One of the star features of the Linux kernel that Docker will take full advantage of in the future is the "extended Berkeley Packet Filter" (eBPF). Michael Crosby, principal head of the Docker project, says seccomp and eBPF enable flexible interception of system calls within the kernel, opening the door to new control and security opportunities for containers.
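Seccomp is the mechanism through which Docker already restricts which system calls a container may make: the daemon passes a JSON profile to the runtime, which installs a BPF filter on the container's processes. The script below is an added example, not code from the article or the Docker project. It generates profiles in the format `docker run --security-opt seccomp=<file>` accepts, in both the deny-list and the allow-list shape, and includes a small check of what a given profile ends up permitting. The syscall lists are constructed illustrations, not a vetted profile for any real service; the `DOCKER_DEMO` variable and the `profile_permits` helper are this example's own.

```shell
#!/bin/sh
# Added example, not code from the article: generate Docker seccomp profiles in
# the JSON format `docker run --security-opt seccomp=<file>` accepts.
# Two shapes are shown: a deny-list (allow everything, block a few syscalls the
# workload has no business making) and an allow-list (block everything, permit
# only what the workload is observed to need). Syscall lists are constructed
# illustrations, not a vetted profile for any real service.

# Print a profile.  $1: defaultAction, $2: action for the listed names,
# $3: space-separated syscall names.
seccomp_profile() {
  names=""
  for s in $3; do
    names="${names:+$names, }\"$s\""
  done
  cat <<EOF
{
  "defaultAction": "$1",
  "architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32"],
  "syscalls": [
    { "names": [$names], "action": "$2" }
  ]
}
EOF
}

# Deny-list: keep the permissive default, but refuse kernel keyring access
# (the keyring is not namespaced), mount/unshare (new mounts and namespaces
# from inside the container) and ptrace of other processes.
deny_list_profile() {
  seccomp_profile SCMP_ACT_ALLOW SCMP_ACT_ERRNO \
    "add_key keyctl request_key mount unshare ptrace"
}

# Allow-list: the inverse; anything not named fails with EPERM.  Start from a
# trace of the workload (strace -f -c) and add calls as they turn up.
allow_list_profile() {
  seccomp_profile SCMP_ACT_ERRNO SCMP_ACT_ALLOW "$1"
}

# Does the profile on stdin end up permitting syscall $1?  0 = yes, 1 = no.
# Works for both shapes: a listed name takes the list action, which in these
# profiles is always the opposite of the default action.
profile_permits() {
  prof=$(cat)
  default=$(printf '%s\n' "$prof" | sed -n 's/.*"defaultAction": "\([A-Z_]*\)".*/\1/p')
  if printf '%s\n' "$prof" | grep -q "\"$1\""; then
    listed=1
  else
    listed=0
  fi
  if [ "$default" = SCMP_ACT_ALLOW ]; then
    [ "$listed" -eq 0 ]
  else
    [ "$listed" -eq 1 ]
  fi
}

# Apply the deny-list to a throwaway container; only runs when DOCKER_DEMO is
# set and a daemon is reachable, so the script is safe to source elsewhere.
if [ -n "$DOCKER_DEMO" ] && command -v docker >/dev/null 2>&1; then
  deny_list_profile > /tmp/deny-keyring.json
  docker run --rm --security-opt seccomp=/tmp/deny-keyring.json alpine:3 \
    sh -c 'unshare -U true || echo "unshare blocked, as intended"'
fi
```

The allow-list shape is the one Docker's own default profile uses (a `SCMP_ACT_ERRNO` default with a long list of permitted calls), which is why a hand-written allow-list usually needs several rounds of tracing before a real workload starts cleanly; the deny-list shape is the easier way to tighten a single container beyond the default.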

Enhanced support for user namespaces will also be an important aspect, as it will help improve security by not over-provisioning permissions by default when running containers.
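The concrete form of "not over-provisioning permissions by default" is user-namespace remapping: root inside the container becomes an ordinary, high-numbered uid on the host. The script below is an added example, not code from the article or the Docker project. It shows the `daemon.json` setting that enables remapping (`"userns-remap": "default"` is Docker's documented key and value) and a check that reads a container's `/proc/self/uid_map` and reports whether container root is actually remapped. The two `uid_map` samples are constructed, and the `DOCKER_DEMO` variable and `container_root_is_remapped` helper are this example's own.

```shell
#!/bin/sh
# Added example, not code from the article: turn on Docker user-namespace
# remapping and verify, from the uid_map a container sees, that "root" inside
# the container is an unprivileged uid on the host.

# daemon.json fragment (merge into /etc/docker/daemon.json, then restart the
# daemon).  "userns-remap": "default" is Docker's documented setting; it
# creates a dockremap user/group and maps container uid 0 onto the first uid
# of dockremap's subordinate range from /etc/subuid (e.g. dockremap:100000:65536).
userns_daemon_config() {
  cat <<'EOF'
{
  "userns-remap": "default"
}
EOF
}

# $1: the uid_map text read inside a container
# (`docker run --rm alpine:3 cat /proc/self/uid_map`), one line per mapping:
# "<uid inside ns> <uid in parent ns> <length>".
# Returns 0 when container uid 0 is mapped to a non-zero host uid, so a
# compromise of the container's root account does not yield host root;
# returns 1 when uid 0 is host root (no user namespace in effect) or when
# uid 0 is not mapped at all.
container_root_is_remapped() {
  printf '%s\n' "$1" | awk '
    $1 == 0 { found = 1; host = $2 }
    END { exit (found && host != 0) ? 0 : 1 }'
}

# Constructed uid_map samples: the first is what a default Docker container
# shows (identity mapping over the whole uid space), the second what a
# container under "userns-remap": "default" shows.
UIDMAP_NO_REMAP="0 0 4294967295"
UIDMAP_REMAPPED="0 100000 65536"

# Live check against a real daemon; only runs when DOCKER_DEMO is set.
# Note that `docker run --userns=host` opts a single container out of the
# daemon-wide remap, which is exactly the case this check is meant to catch.
if [ -n "$DOCKER_DEMO" ] && command -v docker >/dev/null 2>&1; then
  if container_root_is_remapped "$(docker run --rm alpine:3 cat /proc/self/uid_map)"; then
    echo "remap active: container root is an unprivileged host uid"
  else
    echo "container root == host root"
  fi
fi
```

Remapping is a daemon-wide setting, so the same check is worth running in a monitoring job rather than once at setup time: a container started with `--userns=host`, or a daemon restarted with a reverted `daemon.json`, shows the identity mapping again.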


Jose Antonio Gallas, Project Manager, and Miguel Ares, Project Manager