The Docker commands
Let's take a look at the Docker commands that can be used to help tighten up security as well as view information in the images you might be using. There are two commands that we are going to be focusing on.
The first is the docker run command, where we will look at some of the options you can use to your advantage. Second, we will take a look at the docker diff command (which we went over in the previous chapter), which you can use to view what has been done with the image that you are planning to use.
docker run
With respect to the docker run command, we will mainly focus on the option that sets everything inside the container as read-only, rather than just a specified directory or volume. Let's take a look at an example and break down exactly what it does:
$ docker run --name mysql --read-only -v /var/lib/mysql -v /tmp:/tmp:rw -e MYSQL_ROOT_PASSWORD=password -d mysql
Here, we are running a mysql container and setting the entire container as read-only...
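To confirm that a container started this way really is read-only, and to see which paths remain writable, you can review its docker inspect output. The following is an added example, not code from the book: the JSON is a constructed sample trimmed to the HostConfig.ReadonlyRootfs and Mounts fields, and the "web" container and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `docker inspect` output (trimmed to the fields used).
# "mysql" mirrors the command above; "web" is a hypothetical container
# started without --read-only, included for contrast.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/mysql",
   "HostConfig": {"ReadonlyRootfs": true},
   "Mounts": [
     {"Type": "volume", "Source": "/var/lib/docker/volumes/CONSTRUCTED/_data",
      "Destination": "/var/lib/mysql", "RW": true},
     {"Type": "bind", "Source": "/tmp", "Destination": "/tmp", "RW": true}]},
  {"Name": "/web",
   "HostConfig": {"ReadonlyRootfs": false},
   "Mounts": []}
]
""")


def audit_container(entry):
    """Summarize where a container can write, from one `docker inspect` entry."""
    mounts = entry.get("Mounts") or []
    # Treat a mount with no RW flag as writable, the conservative reading.
    writable = [m for m in mounts if m.get("RW", True)]
    return {
        "name": entry.get("Name", "").lstrip("/"),
        "read_only_rootfs": bool(entry.get("HostConfig", {}).get("ReadonlyRootfs", False)),
        "writable_mounts": sorted(m["Destination"] for m in writable),
        # A writable bind mount exposes a host directory to the container.
        "writable_host_binds": sorted(
            m["Source"] for m in writable if m.get("Type") == "bind"),
    }


def findings(report):
    """Turn a summary into review notes."""
    notes = []
    if not report["read_only_rootfs"]:
        notes.append("root filesystem is writable (started without --read-only)")
    for src in report["writable_host_binds"]:
        notes.append(f"host path {src} is bind-mounted read-write")
    return notes


if __name__ == "__main__":
    for entry in SAMPLE_INSPECT:
        report = audit_container(entry)
        print(report["name"], report["writable_mounts"], findings(report) or "no notes")
```

To review a running container, pass the parsed output of docker inspect for that container to audit_container in place of the sample.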