Posted to commits@zeppelin.apache.org by pd...@apache.org on 2022/12/09 09:37:59 UTC

[zeppelin] branch master updated: [ZEPPELIN-5863] Warn not to expose the docker daemon to untrusted users (#4526)

This is an automated email from the ASF dual-hosted git repository.

pdallig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git


The following commit(s) were added to refs/heads/master by this push:
     new 0bc83922f3 [ZEPPELIN-5863] Warn not to expose the docker daemon to untrusted users (#4526)
0bc83922f3 is described below

commit 0bc83922f3c8f6245560b8aa877acd2cc3917bb9
Author: Arnout Engelen <ar...@bzzt.net>
AuthorDate: Fri Dec 9 10:37:50 2022 +0100

    [ZEPPELIN-5863] Warn not to expose the docker daemon to untrusted users (#4526)
---
 docs/quickstart/docker.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/quickstart/docker.md b/docs/quickstart/docker.md
index 5e38547692..45e6bee669 100644
--- a/docs/quickstart/docker.md
+++ b/docs/quickstart/docker.md
@@ -55,6 +55,15 @@ vi `/etc/docker/daemon.json`, Add `tcp://0.0.0.0:2375` to the `hosts` configurat
 
 `hosts` property reference: https://docs.docker.com/engine/reference/commandline/dockerd/
 
+#### Security warning
+
+Making the Docker daemon available over TCP is potentially dangerous: as you
+can read [here](https://docs.docker.com/engine/security/#docker-daemon-attack-surface),
+the docker daemon typically has broad privileges, so only trusted users should
+have access to it. If you expose the daemon over TCP, you must use firewalling
+to make sure only trusted users can access the port. This also includes making
+sure the interpreter docker containers that are started by Zeppelin do not have
+access to this port.
 
 ## Quickstart
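Review bot: The "Security warning" section sits after the step that tells the reader to add `tcp://0.0.0.0:2375` to `hosts` (visible in the hunk header context), so anyone following the page top to bottom has already bound the daemon to all interfaces before reading it. Consider moving the warning above that step, or pointing to it from the step itself. The last sentence, on keeping the interpreter containers started by Zeppelin away from the port, states a requirement without saying how to meet it; a short pointer to the kind of firewall rule needed would make it actionable. Minor: the third added line writes "docker daemon" where the first writes "Docker daemon", and the link text "here" could name its target ("Docker daemon attack surface").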