Docker-based containers have the following security concerns:
- Kernel Sharing: In a container-based system, all containers on a host share the same kernel. If one container causes the kernel to go down, it takes down every container on that host. A virtual machine environment does not have this issue, because each virtual machine runs its own kernel.
- Container Leakage: If a malicious user gains access to one container, they can try to reach the other containers on the same host. A security vulnerability in a container can therefore let that user access other containers on the same host machine.
- Denial of Service: If one container consumes the kernel's resources, the other containers starve for resources, which creates a denial-of-service-like situation.
- Tampered Images: A container image can sometimes be tampered with, which leads to further security concerns: an attacker can run a tampered image to exploit vulnerabilities in the host machine and in other containers.
- Secret Sharing: A container generally needs to access other services, and accessing a service requires a key or secret. A malicious user can gain access to this secret, and since multiple containers share it, this can lead to further security concerns.
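As an added example (not part of the original text), the following Python script checks a constructed `docker inspect`-style record for the weak settings that relate to the leakage, denial-of-service, tampered-image and secret-sharing concerns above; the container name, image reference and environment values are made up for the demonstration.

```python
import json

# Constructed sample in the shape of `docker inspect` output (only the fields
# the checks read; not a real container). Each weak setting maps to one concern.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/payments-api",
    "Config": {"Image": "registry.example.com/payments-api:latest",
               "Env": ["APP_ENV=prod", "DB_PASSWORD=hunter2", "PATH=/usr/bin"]},
    "HostConfig": {"Privileged": True, "PidMode": "host",
                   "Memory": 0, "NanoCpus": 0, "PidsLimit": None},
}])

SECRET_MARKERS = ("PASSWORD", "SECRET", "TOKEN", "KEY")


def audit_container(inspect_json: str) -> list[str]:
    """Return one finding per weak setting, grouped by the concern it relates to."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        cfg, host = c.get("Config", {}), c.get("HostConfig", {})
        # Container leakage: privileged mode and a shared host PID namespace
        # remove most of the isolation between this container, others and the host.
        if host.get("Privileged"):
            findings.append(f"{name}: runs privileged")
        if host.get("PidMode") == "host":
            findings.append(f"{name}: shares the host PID namespace")
        # Denial of service: with no memory/CPU/pids limit one container can
        # starve every other container on the host.
        for field, label in (("Memory", "memory"), ("NanoCpus", "CPU"), ("PidsLimit", "pids")):
            if not host.get(field):
                findings.append(f"{name}: no {label} limit")
        # Tampered images: a mutable tag can be repointed at a different image;
        # a content digest cannot.
        if "@sha256:" not in cfg.get("Image", ""):
            findings.append(f"{name}: image referenced by tag, not by digest")
        # Secret sharing: secrets passed as environment variables are readable
        # via `docker inspect` and inherited by every child process.
        for var in cfg.get("Env", []):
            key = var.split("=", 1)[0]
            if any(marker in key.upper() for marker in SECRET_MARKERS):
                findings.append(f"{name}: secret-looking environment variable {key}")
    return findings


if __name__ == "__main__":
    for finding in audit_container(SAMPLE_INSPECT):
        print(finding)
```

Run against real output with `docker inspect <container>` piped into `audit_container`; a clean result is one with no findings, not a guarantee of isolation.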