Docker containers for applications on Linux

Docker is an open-source project that automates the deployment of applications inside software containers, by providing an additional layer of abstraction and automation of operating-system-level virtualization on Linux. Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent “containers” to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines.

Docker documentation


Docker security


Installing Docker

Installing docker requires root privileges.

For CentOS hosts see Installing Docker - CentOS-7:

yum install docker
systemctl start docker
systemctl enable docker

To get the latest stable official CentOS image from Docker Hub:

docker pull centos

To test this Docker container:

docker run centos cat /etc/centos-release

See the docker-run manual page (man docker-run).

To display running containers (add -a to include stopped containers as well):

docker ps
docker ps -a

To stop a running container:

docker stop <CONTAINER-ID>

Running docker as non-root user

In many places you will see this bad advice about adding users to the docker group:

  • To permit a named user to use Docker:

    DON'T DO THIS: usermod -a -G docker <your-user>

On RHEL7/CentOS7 this is not permitted for security reasons. In Bug 1214104 - /var/run/docker.sock permissions this is explained:

We don't want to allow docker access from non privileged users since this is the equivalent of allowing these users root access with no logging.  We would prefer that you set them up to use sudo.
We will not fix this issue until we have proper logging and Access Control built into docker.

Conclusion: Users must use sudo to run docker, or docker must be run by root.

Setting up sudo to run docker

Advice for running docker via sudo:

First install the sudo RPM:

yum install sudo

Then use the command visudo to edit /etc/sudoers to include a line for user XXX:

XXX  ALL=(ALL) /usr/bin/docker
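The two situations described above, a user in the docker group versus a user with the narrow sudoers rule, checked by an added shell audit helper that is not part of the original page. It runs against constructed copies of /etc/group and /etc/sudoers; the user names alice, bob, carol and dave and the group id 988 are made-up sample values.

```shell
#!/bin/sh
# Added audit helper (not from the original page): report docker-group members
# (root-equivalent access with no logging) and check whether a user instead has
# the narrow "USER ALL=(ALL) /usr/bin/docker" sudoers rule.

# Print the member list of the docker group from the group file given as $1.
docker_group_members() {
    awk -F: '$1 == "docker" { print $4 }' "$1"
}

# Exit 0 if sudoers file $1 grants user $2 exactly /usr/bin/docker through
# "USER ALL=(ALL) /usr/bin/docker", 1 otherwise.
sudoers_grants_docker() {
    grep -Eq "^[[:space:]]*$2[[:space:]]+ALL=\(ALL\)[[:space:]]+/usr/bin/docker[[:space:]]*\$" "$1"
}

# Verdict for one user: $1 group file, $2 sudoers file, $3 user name.
audit_user() {
    members=$(docker_group_members "$1")
    case ",$members," in
        *",$3,"*) echo "WARNING: $3 is in the docker group (root-equivalent, unlogged)" ;;
        *) if sudoers_grants_docker "$2" "$3"; then
               echo "OK: $3 runs docker via sudo rule"
           else
               echo "INFO: $3 has no docker access"
           fi ;;
    esac
}

# Constructed sample files standing in for /etc/group and /etc/sudoers.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
wheel:x:10:alice
docker:x:988:bob,carol
EOF
cat > "$SAMPLE_DIR/sudoers" <<'EOF'
root ALL=(ALL) ALL
alice  ALL=(ALL) /usr/bin/docker
EOF

for u in alice bob dave; do
    audit_user "$SAMPLE_DIR/group" "$SAMPLE_DIR/sudoers" "$u"
done
```

Point the two file arguments at the real /etc/group and /etc/sudoers (as root) to audit a live host.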