Public Repository

Last pushed: 2 years ago
Short Description
Secured version of Ubuntu 14.04 LTS with working cron daemon, own syslog, backup etc.
Full Description

## What are the problems with the stock Ubuntu base image?

Ubuntu is not designed to be run inside Docker. Its init system, Upstart, assumes that it's running on either real hardware or virtualized hardware, not inside a Docker container. Inside a container you don't want a full system anyway; you want a minimal one. But configuring that minimal system for use within a container has many corner cases that are hard to get right if you are not intimately familiar with the Unix system model, and getting them wrong can cause a lot of strange problems.

This version gets everything right. The “Contents” section describes all the things that it modifies.

## Using this version of Ubuntu

### Testing

To look around in the image, run:

    docker run -t -i secure/ubuntu /sbin/my_init -- bash -l

You don't have to download anything manually. The above command will automatically pull the secure/ubuntu image from the Docker registry.

### Production use

The image is called secure/ubuntu, and is available on the Docker registry. Therefore you can just use this Dockerfile template to create your own images:

    FROM secure/ubuntu

    # Use secure/ubuntu's init system.
    CMD ["/sbin/my_init"]

    # ...put your own build instructions here...

    # Clean up APT when done.
    RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

## Contents

This Ubuntu version only contains essential components. Learn more about the rationale.

  • Ubuntu 14.04 LTS as base system.
  • A correct init process (learn more).
  • Fixes APT incompatibilities with Docker.
  • syslog-ng.
  • The cron daemon.
  • Secure backup.
  • An optional SSH server (disabled by default), for those use cases where docker exec is inappropriate.
    • Password and challenge-response authentication are disabled by default. Only key authentication is allowed.
    • It allows a predefined key by default to make debugging easy. You should replace this ASAP. See instructions.
  • Runit for service supervision and management.

It is partially based on Phusion Baseimage.
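
The SSH defaults listed above (password and challenge-response authentication off, key authentication only) can be verified against the sshd_config a container actually ships. The script below is an added example, not code from this image or its authors; the function names and the sample config are constructed for illustration, and the config location in the image (commonly /etc/ssh/sshd_config) is an assumption.

```shell
# Added example: audit the global section of an sshd_config for the policy
# above (password and challenge-response auth off, public-key auth on).
# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Lines from the first "Match" onward are conditional: skipped.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/^[ \t]+/, ""); sub(/\r$/, "") }
        /^#/ || /^$/ { next }
        {
            n = match($0, /[ \t=]/)      # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr($0, 1, n - 1))
            val = substr($0, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+#.*$/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "match") exit
            if (key == want) { print tolower(val); found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: one line per setting; returns 0 only if all pass.
# Each spec is keyword:sshd-default:required-value.
audit_sshd_config() {
    rc=0
    for spec in PasswordAuthentication:yes:no \
                ChallengeResponseAuthentication:yes:no \
                PubkeyAuthentication:yes:yes; do
        key=${spec%%:*}; rest=${spec#*:}
        def=${rest%%:*}; want=${rest#*:}
        got=$(effective_value "$1" "$key" "$def")
        if [ "$got" = "$want" ]; then echo "ok   $key $got"
        else echo "FAIL $key $got (want $want)"; rc=1; fi
    done
    return $rc
}

# Constructed sample config (not the image's real file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwordauthentication no
ChallengeResponseAuthentication=no
PasswordAuthentication yes
Match User backup
    PubkeyAuthentication no
EOF
audit_sshd_config "$sample"
```

The audit covers only the global section; settings inside `Match` blocks apply conditionally and need a separate review.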

Owner
secure