Conversation

@hellomypastor
Contributor

@hellomypastor hellomypastor commented Dec 19, 2025

Summary

  • Add security hardening knobs for Docker sandboxes (cap drop, no-new-privileges, seccomp, AppArmor, PID limit, optional read-only rootfs) and propagate them into container creation.
  • Document recommended secure defaults (EN/zh) and update example config for a strict baseline.
  • Add a unit test to ensure security options are injected into host config.
  • Fixes security-enhanced for docker impl service #16

Testing

  • Not run (explain why) — pytest not installed in env (No module named pytest)
  • Unit tests
  • Integration tests
  • e2e / manual verification

Breaking Changes

  • None
  • Yes (describe impact and migration path)

Checklist

  • Linked Issue or clearly described motivation
  • Added/updated docs (if needed)
  • Added/updated tests (if needed)
  • Security impact considered
  • Backward compatibility considered
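
The hardening knobs listed in the summary, shown as an added example that is not the project's code: a small Python model that maps each knob onto the keyword arguments docker-py's `containers.create()`/`run()` accept (`cap_drop`, `cap_add`, `security_opt`, `pids_limit`, `read_only`, `tmpfs`), plus an audit function of the kind the unit test in this PR would rely on to confirm that the options actually reached the host config. The class and function names, the default values, and the high-risk capability list are assumptions chosen for illustration, not identifiers from the repository.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Capabilities that, if re-granted to a sandbox, undo most of the benefit of
# dropping ALL. Illustrative list, not taken from the project.
HIGH_RISK_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "NET_ADMIN", "SYS_MODULE", "DAC_READ_SEARCH"}


@dataclass
class SandboxSecurityOptions:
    """Hardening knobs for one sandbox container (hypothetical names, not the project's)."""
    drop_all_capabilities: bool = True
    capabilities_to_add: List[str] = field(default_factory=list)  # only what the workload truly needs
    no_new_privileges: bool = True          # blocks setuid/setgid and file-capability escalation
    seccomp_profile: Optional[str] = None   # None = Docker's default profile; a path = custom; "unconfined" = off
    apparmor_profile: Optional[str] = "docker-default"
    pids_limit: Optional[int] = 256         # caps process count, limiting fork bombs
    read_only_rootfs: bool = False          # optional knob, off by default as in the PR
    writable_tmpfs: Dict[str, str] = field(
        default_factory=lambda: {"/tmp": "rw,noexec,nosuid,size=64m"})

    def to_container_kwargs(self) -> dict:
        """Translate the knobs into docker-py create()/run() keyword arguments."""
        kwargs: dict = {}
        if self.drop_all_capabilities:
            kwargs["cap_drop"] = ["ALL"]
        if self.capabilities_to_add:
            kwargs["cap_add"] = list(self.capabilities_to_add)
        security_opt: List[str] = []
        if self.no_new_privileges:
            security_opt.append("no-new-privileges")
        if self.seccomp_profile is not None:
            security_opt.append(f"seccomp={self.seccomp_profile}")
        if self.apparmor_profile is not None:
            security_opt.append(f"apparmor={self.apparmor_profile}")
        if security_opt:
            kwargs["security_opt"] = security_opt
        if self.pids_limit is not None:
            kwargs["pids_limit"] = self.pids_limit
        if self.read_only_rootfs:
            kwargs["read_only"] = True
            # A read-only rootfs still needs a scratch area; mount it noexec/nosuid.
            if self.writable_tmpfs:
                kwargs["tmpfs"] = dict(self.writable_tmpfs)
        return kwargs


def audit_container_kwargs(kwargs: dict, require_read_only: bool = False) -> List[str]:
    """Return the hardening gaps found in a kwargs dict; an empty list means it meets the baseline."""
    findings: List[str] = []
    dropped = [c.upper() for c in kwargs.get("cap_drop", [])]
    if "ALL" not in dropped:
        findings.append("cap_drop does not drop ALL capabilities")
    for cap in kwargs.get("cap_add", []):
        if cap.upper() in HIGH_RISK_CAPS:
            findings.append(f"cap_add re-grants high-risk capability {cap}")
    opts = kwargs.get("security_opt", [])
    if "no-new-privileges" not in opts and "no-new-privileges:true" not in opts:
        findings.append("no-new-privileges is not set")
    if any(o.startswith("seccomp=unconfined") for o in opts):
        findings.append("seccomp is disabled (unconfined)")
    if any(o.startswith("apparmor=unconfined") for o in opts):
        findings.append("AppArmor is disabled (unconfined)")
    if kwargs.get("pids_limit") is None:
        findings.append("no PID limit")
    if require_read_only and not kwargs.get("read_only"):
        findings.append("root filesystem is writable")
    return findings


if __name__ == "__main__":
    strict = SandboxSecurityOptions(read_only_rootfs=True).to_container_kwargs()
    print("strict baseline:", strict, "->", audit_container_kwargs(strict, require_read_only=True))
    # Constructed weak config for comparison (not from the page).
    weak = {"security_opt": ["seccomp=unconfined"], "cap_add": ["SYS_ADMIN"]}
    print("weak config findings:", audit_container_kwargs(weak))
```

The audit only inspects the dict that would be handed to docker-py, so it runs without a Docker daemon; in a real test the same check can be applied to the host config captured from a mocked `containers.create()` call.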

@Pangjiping Pangjiping added the enhancement New feature or request label Dec 19, 2025
@hellomypastor hellomypastor force-pushed the security/container-host-isolation branch from baee9df to eca429a on December 19, 2025 09:28
@Pangjiping
Collaborator

LGTM

@Pangjiping Pangjiping merged commit e4469ac into alibaba:main Dec 19, 2025
5 checks passed