berthon.eu - Ice and Fire – by J‑C Berthon – Thoughts on operating systems, software engineering and beyond

Example domain paragraphs


There are many ways to harden a Docker container; one is to make the container layer read-only.

This might be only a marginal improvement to security. First, your application should not run as root or have special privileges (e.g. CAP_DAC_OVERRIDE), so there is limited risk that an attacker exploiting a vulnerability in your application can modify sensitive applications. However, if you install your application within a Dockerfile as the application user (e.g. using bundle install), making the base layer read-only might protect it from unwanted modification.
