Open-Source Wikis

/

Moby

/

Security

moby/moby

Security

Moby is a privileged daemon that exposes container management to local clients (and, optionally, remote clients). The trust boundary is between the API client and the daemon; everything below the daemon (containerd, kernel) is fully trusted.

For reporting vulnerabilities, see SECURITY.md: mail security@docker.com privately rather than filing a public issue.

Trust boundaries

graph LR
  External[External tooling] -->|TLS| TCPSocket[TCP socket]
  CLI[Local docker CLI] -->|Unix socket| UnixSocket
  TCPSocket --> Server[daemon/server]
  UnixSocket --> Server
  Server -->|trusted| Daemon
  Daemon -->|trusted| Containerd
  Daemon -->|trusted| Libnetwork
  Daemon --> Plugins[Plugins<br/>(out-of-process)]
  Daemon --> Registries[Image registries]
  • The daemon trusts all callers that get past authentication. By default, that's anything with read/write access to /var/run/docker.sock — typically root or members of the docker group, which is essentially equivalent to root.
  • TCP listeners require TLS in production; the daemon will refuse to listen on TCP without --tls* flags or a config file enabling it.

Authorization plugins

For finer-grained authorization, the daemon supports authorization plugins (pkg/authorization/). When configured via --authorization-plugin=name, every request goes through pre/post hooks that can deny or modify it. The chain is wired into the server middleware. See Plugins.

Sandboxing inside containers

The daemon sets up several layers of process isolation when starting a container:

Mechanism Where
Linux namespaces (mnt, pid, net, ipc, uts, user, cgroup) OCI spec generated in daemon/oci_linux.go.
Cgroup v1/v2 limits OCI resources block; runtime config in daemon/runtime_unix.go.
Seccomp Default profile from github.com/moby/profiles/seccomp. Wiring: daemon/seccomp_linux.go.
AppArmor Default profile from github.com/moby/profiles/apparmor. Wiring: daemon/apparmor_default.go.
Capability set Drop all by default, add a small allowlist (CAP_NET_BIND_SERVICE, CAP_AUDIT_WRITE, etc.).
User namespaces --userns-remap=.... Implementation: daemon/internal/idtools/.
Rootless mode Run the entire daemon as a non-root user. Code: daemon/internal/rootless/, docs/rootless.md.

--privileged containers bypass most of this. Some flags (--cap-add SYS_ADMIN, --security-opt seccomp=unconfined) loosen specific layers; the daemon does not police whether the resulting combination is safe.

Image trust

  • Pulls are HTTPS by default. Insecure registries must be explicitly listed in daemon.json (insecure-registries).
  • Manifest digests are verified against descriptors during pull (see pull_v2.go on the legacy path; containerd's resolver on the modern path).
  • The OCI policy helpers from github.com/moby/policy-helpers (referenced by Daemon) provide a hook for image-policy enforcement.

Build-time secrets

BuildKit supports --secret and --ssh mounts that never persist into the produced image. The classic builder does not. Avoid embedding credentials in RUN commands; use BuildKit secrets.

Docker socket exposure

Mounting /var/run/docker.sock into a container gives that container root on the host. The README and docs are explicit about this. Authorization plugins can mitigate, but the daemon does not enforce per-client capability scoping.

Firewall and iptables

The bridge driver inserts iptables rules for masquerading, isolation, and port forwarding. They live in daemon/libnetwork/iptables/ and the bridge driver. nftables support is in daemon/libnetwork/internal/nftabler/. The daemon does not currently audit pre-existing rules; conflicts can produce surprising results (see the design notes under daemon/libnetwork/docs/).

Supply chain

  • Dependencies are vendored under vendor/ and verified by make validate-vendor.
  • The go.sum file is checked.
  • CI runs CodeQL (.github/workflows/codeql.yml) and zizmor (.github/workflows/zizmor.yml) on every PR.
  • Release artifacts are signed; cosign attestations are produced during the release build.

Reporting

SECURITY.md describes the disclosure process: private email, 72-hour acknowledgement, draft GitHub Security Advisory, embargoed coordination, public disclosure once a patched release is out.

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Security – Moby wiki | Factory