This is an automated email from the ASF dual-hosted git repository. pdallig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push: new 0bc83922f3 [ZEPPELIN-5863] Warn not to expose the docker daemon to untrusted users (#4526) 0bc83922f3 is described below commit 0bc83922f3c8f6245560b8aa877acd2cc3917bb9 Author: Arnout Engelen <arn...@bzzt.net> AuthorDate: Fri Dec 9 10:37:50 2022 +0100 [ZEPPELIN-5863] Warn not to expose the docker daemon to untrusted users (#4526) --- docs/quickstart/docker.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/quickstart/docker.md b/docs/quickstart/docker.md index 5e38547692..45e6bee669 100644 --- a/docs/quickstart/docker.md +++ b/docs/quickstart/docker.md @@ -55,6 +55,15 @@ vi `/etc/docker/daemon.json`, Add `tcp://0.0.0.0:2375` to the `hosts` configurat `hosts` property reference: https://docs.docker.com/engine/reference/commandline/dockerd/ +#### Security warning + +Making the Docker daemon available over TCP is potentially dangerous: as you +can read [here](https://docs.docker.com/engine/security/#docker-daemon-attack-surface), +the docker daemon typically has broad privileges, so only trusted users should +have access to it. If you expose the daemon over TCP, you must use firewalling +to make sure only trusted users can access the port. This also includes making +sure the interpreter docker containers that are started by Zeppelin do not have +access to this port. ## Quickstart
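Review bot: The added "Security warning" paragraph names firewalling as the only control ("you must use firewalling"), while the unchanged step directly above it still tells readers to add `tcp://0.0.0.0:2375` to `hosts`, which listens on every interface. Consider also advising that the listener be bound to a specific address where the setup allows it, so that a firewall rule is not the sole barrier. The last sentence asks that the interpreter containers started by Zeppelin not reach the port but does not say how to achieve that; a short pointer would make it actionable. The link text "here" would read better as a descriptive label such as "Docker daemon attack surface", which is what the URL's anchor names.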