2.13 Disable operations on legacy registry (v1)

Information

The latest Docker registry is v2. All operations on the legacy registry version (v1) should be restricted.

Rationale:

Docker registry v2 brings many performance and security improvements over v1. It supports container image provenance and other security features such as image signing and verification. Hence, operations on the legacy Docker registry should be restricted.

Solution

Start the Docker daemon as below:

dockerd --disable-legacy-registry

Impact:

Legacy registry operations would be restricted.

Default Value:

By default, legacy registry operations are allowed.
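
To verify the setting on a host, the following check is an added example and is not part of the benchmark text. The function name `legacy_registry_disabled` is hypothetical, and the script assumes the daemon configuration file is `/etc/docker/daemon.json` and that the `disable-legacy-registry` key there is equivalent to the command-line flag on Docker versions that support it.

```shell
#!/bin/sh
# Added example: audit whether legacy (v1) registry operations are disabled.
#
# legacy_registry_disabled CMDLINE [DAEMON_JSON]
#   CMDLINE      dockerd command line, e.g. "$(ps -o args= -C dockerd)"
#   DAEMON_JSON  daemon config file (assumed default: /etc/docker/daemon.json)
# Returns 0 when the setting is enabled, 1 otherwise.
legacy_registry_disabled() {
    cmdline=$1
    cfg=${2:-/etc/docker/daemon.json}

    # Command line: the bare flag or "=true" counts; "=false" does not.
    case " $cmdline " in
        *" --disable-legacy-registry "*|*" --disable-legacy-registry=true "*)
            return 0 ;;
    esac

    # Config file: strip whitespace so formatting differences do not matter.
    if [ -r "$cfg" ] && tr -d ' \t\r\n' < "$cfg" |
        grep -q '"disable-legacy-registry":true'; then
        return 0
    fi

    # Neither source enables it, so the default (legacy operations allowed) applies.
    return 1
}

# Constructed sample command lines (not taken from a real host).
for sample in \
    "/usr/bin/dockerd -H fd://" \
    "/usr/bin/dockerd --disable-legacy-registry -H fd://"
do
    if legacy_registry_disabled "$sample" /nonexistent; then
        echo "PASS: $sample"
    else
        echo "FAIL: $sample"
    fi
done
```

On a live host, call it as `legacy_registry_disabled "$(ps -o args= -C dockerd)"`.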

See Also

https://workbench.cisecurity.org/files/1476

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: f012289e7c4049ba53259199ed0e19445f5481868ff15be2c240caae853eee5c