2.11 Use authorization plugin

Information

Use an authorization plugin to manage access to the Docker daemon.

Docker's out-of-the-box authorization model is all or nothing. Any user with permission to
access the Docker daemon can run any Docker client command. The same is true for callers
using Docker's remote API to contact the daemon. If you require greater access control, you
can create authorization plugins and add them to your Docker daemon configuration. Using
an authorization plugin, a Docker administrator can configure granular access policies for
managing access to the Docker daemon.

Solution

Step 1 - Install or create an authorization plugin.

Step 2 - Configure the authorization policy as desired.

Step 3 - Start the Docker daemon as below:

    dockerd --authorization-plugin=<PLUGIN_ID>

Impact: Each Docker command passes through the authorization plugin mechanism. This
might introduce a slight performance drop.

Default Value: By default, authorization plugins are not set up.
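
A way to verify the result of Step 3, as an added example that is not part of the benchmark or the audit plugin: the function below reports which authorization plugins a dockerd command line and daemon.json would load. It assumes the `authorization-plugins` key from Docker's daemon.json documentation (not mentioned on this page); the plugin name `example-authz` and all sample inputs are constructed.

```python
import json
import shlex

FLAG = "--authorization-plugin"  # flag named in Step 3


def plugins_from_argv(argv):
    """Collect plugin IDs from '--authorization-plugin=ID' and '--authorization-plugin ID'."""
    found, i = [], 0
    while i < len(argv):
        arg = argv[i]
        if arg.startswith(FLAG + "="):
            found.append(arg.split("=", 1)[1])
        elif arg == FLAG and i + 1 < len(argv):
            found.append(argv[i + 1])
            i += 1  # skip the value we just consumed
        i += 1
    return [p for p in found if p]  # an empty ID does not count as configured


def plugins_from_daemon_json(text):
    """Read the 'authorization-plugins' list (assumed key, see lead-in) from daemon.json text."""
    if not text.strip():
        return []
    value = json.loads(text).get("authorization-plugins", [])
    if not isinstance(value, list):
        return []
    return [p for p in value if isinstance(p, str) and p]


def audit(cmdline, daemon_json_text=""):
    """Return compliance status and the plugin IDs found in either source."""
    plugins = plugins_from_argv(shlex.split(cmdline))
    plugins += plugins_from_daemon_json(daemon_json_text)
    return {"compliant": bool(plugins), "plugins": plugins}


if __name__ == "__main__":
    # Constructed samples: (dockerd command line, daemon.json content)
    samples = [
        ("/usr/bin/dockerd -H fd://", ""),                       # default: no plugin
        ("dockerd --authorization-plugin=example-authz", ""),    # flag, '=' form
        ("dockerd --authorization-plugin example-authz", ""),    # flag, space form
        ("dockerd", '{"authorization-plugins": ["example-authz"]}'),
        ("dockerd", '{"authorization-plugins": []}'),            # key present but empty
    ]
    for cmdline, cfg in samples:
        print(audit(cmdline, cfg), "<-", cmdline, cfg)
```

On a live host the inputs would come from the running dockerd process's arguments and the daemon configuration file in use.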

See Also

https://workbench.cisecurity.org/files/517

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2

Plugin: Unix

Control ID: ceb10d880e6d6f815701bcf253d1a00daf368dbcb84a4d3c5849a0c2d406f5a9