This document contains a Docker API request to resize a container's dimensions to a height of 24 and width of 107. It also includes commentary on making Docker containers more secure by running them unprivileged without needing root access, using user namespaces, and removing remaining setuid bits and capabilities.

5. POST /v1.16/containers/
0abe202395e4e61fc35f8f90e3432ad0f2fb
3d3816a79c367ff716ecb57965dc/resize?
h=24&w=107 HTTP/1.1
Host: /var/run/docker.sock
User-Agent: Docker-Client/1.4.0
Content-Length: 0
Content-Type: plain/text

7. "In the future, we expect new execution engine
plugins to offer more choice and greater
granularity for our security-focused users."

9. all this crap running as root

10. including the containers
ran by unprivileged (not any more) users

11. „trusted” images
https://titanous.com/posts/docker-insecurity

12. KISS

13. user namespaces
completely unprivileged* containers in kernel 3.9+

14. remaining setuid bits
lxc-user-nic a couple netlink packets
if you need a private net with CAP_NET_ADMIN
!
newuidmap a single write()
newgidmap
if you need multiple uids/gids

15. https://github.com/gnosek/shoebox