Why Running Privileged Containers is Not Secure?

Just like Ubuntu discourages using the system as root, so does Docker. Exposing the kernel and the hardware resources of the host to any outside cyberattack is always a potential threat to the system.

For this reason, it is not recommended to use privileged containers in a production environment.

Possible Breaches Via Privileged Containers

Having privileged containers is a security risk for any organization. It creates opportunities for malicious users to take control of the system.

Allowing a container root access to everything on the system opens a window of opportunity for cyberattacks. A cyberattacker could connect to the host from the container and endanger the established infrastructure and configuration. The most common scenario is when a legitimate user abuses the given privilege for malicious activity.

How to Minimize Docker Container Privilege Escalation?

The best way to prevent Docker container privilege escalation is not using privileged containers at all.

However, if you are running an application that requires executing with the root user, there is a way to minimize the chances of malicious activity.
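
One way to check a host against the advice on privileged containers is to audit `docker inspect` output for containers that are privileged or run as root. This is an added example, not code from the original page; the sample JSON is constructed, and the script name `audit.py` used below is hypothetical.

```python
import json
import sys

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = """[
  {"Name": "/web", "Config": {"User": "1000:1000"}, "HostConfig": {"Privileged": false}},
  {"Name": "/backup", "Config": {"User": ""}, "HostConfig": {"Privileged": true}},
  {"Name": "/cache", "Config": {"User": "root"}, "HostConfig": {"Privileged": false}}
]"""

ROOT_USERS = {"", "0", "root"}  # an empty Config.User means the container runs as root


def audit(inspect_json):
    """Return a sorted list of (container, finding) pairs from `docker inspect` JSON."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        host_cfg = c.get("HostConfig") or {}
        config = c.get("Config") or {}
        # HostConfig.Privileged is true when the container was started with --privileged.
        if host_cfg.get("Privileged") is True:
            findings.append((name, "privileged"))
        # Config.User may be "user" or "user:group"; only the user part matters here.
        user = (config.get("User") or "").split(":", 1)[0]
        if user in ROOT_USERS:
            findings.append((name, "runs-as-root"))
    return sorted(findings)


def main(argv):
    # With "-" read real `docker inspect` output from stdin, otherwise use the sample.
    data = sys.stdin.read() if argv[1:] == ["-"] else SAMPLE
    findings = audit(data)
    for name, finding in findings:
        print(f"{name}: {finding}")
    # Non-zero exit when any privileged container is found, so CI or cron can alert.
    return 1 if any(f == "privileged" for _, f in findings) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Against a live host, run it as `docker inspect $(docker ps -q) | python3 audit.py -`.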