Docker/container security best practice?


sdamaged


Just wondering if there is a best practice guide for setting up containers?

I was concerned that the standard share that seems to be mapped for almost every installed container, /mnt/user, gives the container full access to the entire Unraid server (which I get makes things easy).

So I removed this from Plex as a test, and added a specific path for every single share and then amended each library and rescanned. It was a lot more work of course, and is it really worth it?

Is giving a container full access to the entire share ever necessary, and is it better practice to lock it down to what it only actually needs?

51 minutes ago, sdamaged said:

is it better practice to lock it down to what it only actually needs?

This.

Best practice is to give Docker containers access to only the things that they need. For instance, my Plex container has a read/write mount for its config, /mnt/user/appdata/plex, and read-only mounts for my media shares, /mnt/user/tv/ and /mnt/user/movies/.

9 minutes ago, sdamaged said:

Hmm, so really I could have just amended the main mnt/user share to read only and saved a load of work! Lol

While that is the easy path mapping to make, it's not what I would call best practice from a security point of view.

Plex really doesn't need access to your banking info, or your documents, or those "special" pictures everyone hides from their wife.

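A check for the mappings discussed in this thread, as an added example that is not part of the original posts: it reads one line per mount and flags containers that map all of /mnt/user, while accepting the per-share layout described in the replies. The container names /app-broad, /app-ro and /other-app and the HIGH/MEDIUM/LOW labels are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: flag bind mounts that expose more of the host than needed.
# Input lines: name|host_source|container_destination|rw (true or false).
# On a live host the same lines can be produced with:
#   docker inspect --format \
#    '{{range .Mounts}}{{$.Name}}|{{.Source}}|{{.Destination}}|{{.RW}}{{println}}{{end}}' \
#    $(docker ps -q)

SHARE_ROOT="/mnt/user"   # top of the share tree discussed in the thread

audit_mounts() {
    while IFS='|' read -r name src dst rw; do
        [ -n "$name" ] || continue
        src="${src%/}"                      # drop a trailing slash
        case "$src" in
            "$SHARE_ROOT"|/mnt|"")          # every share, its parent, or /
                if [ "$rw" = "true" ]; then
                    echo "HIGH $name: ${src:-/} -> $dst is read/write"
                else
                    echo "MEDIUM $name: ${src:-/} -> $dst is read-only but exposes every share"
                fi ;;
            "$SHARE_ROOT"/appdata/*)        # per-container config: rw is expected
                ;;
            "$SHARE_ROOT"/*)                # a single share
                if [ "$rw" = "true" ]; then
                    echo "LOW $name: $src -> $dst is read/write, use :ro if it only reads"
                fi ;;
        esac
    done
    return 0
}

# Constructed sample data, not output captured from a real server.
sample_mounts() {
    cat <<'EOF'
/app-broad|/mnt/user|/data|true
/app-ro|/mnt/user|/data|false
/plex|/mnt/user/appdata/plex|/config|true
/plex|/mnt/user/tv/|/tv|false
/plex|/mnt/user/movies/|/movies|false
/other-app|/mnt/user/tv|/tv|true
EOF
}

sample_mounts | audit_mounts
```

The /plex lines reproduce the read/write config plus read-only media layout from the reply and produce no findings; the read-only /mnt/user mapping is still reported because every share stays readable by the container.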
