Containers security
docker run -d
-v data:/data
-p 11234: 11234
—security-opt=no-new-privileges
—cap-drop=ALL
—cap-add=SYS_NICE
—memory=8g
—memory-swap=8g
—cpus=4
—read-only
—name a-secure-container
docker.io/bla
docker run -d
-v data:/data
-p 11234: 11234
—security-opt=no-new-privileges
—cap-drop=ALL
—cap-add=SYS_NICE
—memory=8g
—memory-swap=8g
—cpus=4
—read-only
—name a-secure-container
docker.io/bla