I'm considering using Docker Hardened Images for a brand new personal project. I've noticed that many Docker projects don't use a non-root user, which is a security risk, so I've been setting mine up to run as a non-root user. The Docker Hardened Images seem to address this security concern and also tackle other potential issues. However, since this is a personal project without collaborators, I wonder if there are any valid reasons to stick with standard unhardened Docker images instead. What do you think?
2 Answers
One drawback of using hardened images is that they often lack shells and may not support startup scripts, which could complicate your setup. Additionally, you might encounter missing core libraries, like when glibc is replaced with musl, and that could lead to some frustrating debugging moments, especially with interpreted languages.
Honestly, hardened images might be overkill for personal projects. They focus on minimizing attack vectors and require everything to be whitelisted, which means no usual ports, no shell access, and a read-only file system. This can make debugging really tough. It's like trying to use Kali Linux for everyday tasks—just unnecessary hassle.
Thanks! Do you think hardened images are more suitable for production environments?