Docker 1.2 punches up security, day-to-day management

The popular Docker app-container project tweaks its feature set, but far bigger changes are waiting in the wings

Docker 1.2, the newest version of the popular app-container solution, was officially released earlier today. The changes are incremental, but they hint at how Docker's day-to-day workings are being polished and refined -- especially in terms of security and manageability -- by its growing base of users, developers, and third-party contributors.

One key new feature in 1.2 is restart policies, which tell Docker what to do with a given container if it dies. Earlier versions of Docker had a far less interactive way to control this behavior, but with 1.2, an individual container can be set to restart on a failure, to always restart no matter what the exit code, or to never restart.

Another addition hints at Docker's shifting treatment of privileges and permissions. Two new flags, --cap-add and --cap-drop, allow privileges to be added to or removed from containers when they're run, instead of running with whatever permissions have been baked into them.

The way outbound traffic is routed to containers has been changed, with the proxy that handles such traffic now running in its own per-connection process. "This greatly reduces the load on the [Docker] daemon, which considerably increases stability and efficiency," said Docker in its blog post.

Other minor additions include the ability to modify /etc/hosts and networking metadata on the fly within a running container, as well as the ability to attach specific devices to a container without needing to apply potentially dangerous privilege escalations to that container.
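The privilege flags the article describes (--cap-add, --cap-drop, and attaching devices without privilege escalation) lend themselves to a mechanical check of how containers are launched. The following Python script is an added example, not code from the article or the Docker project: it audits `docker run` command lines for how privileges are granted. `--privileged` and `--device` are real Docker flags that the article does not name; the function names, the broad-capability list and the sample command lines are constructed for illustration.

```python
import shlex

# Capabilities that are broad in scope
# (a short list chosen for this example, not exhaustive).
BROAD_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "NET_ADMIN"}
VALUE_FLAGS = ("--cap-add", "--cap-drop", "--device")

def parse_run(cmdline):
    """Collect the privilege-related options of one `docker run` line.
    Assumption: the whole line is scanned, so arguments meant for the
    containerized program that look like these flags are counted too."""
    opts = {"--privileged": False, "--cap-add": [], "--cap-drop": [], "--device": []}
    tokens = shlex.split(cmdline)
    for i, tok in enumerate(tokens):
        name, _, value = tok.partition("=")
        if name == "--privileged" and value.lower() != "false":
            opts["--privileged"] = True
        elif name in VALUE_FLAGS:
            if not value and i + 1 < len(tokens):
                value = tokens[i + 1]  # space-separated form: --cap-add NET_ADMIN
            if value:
                opts[name].append(value)
    return opts

def normalize(cap):
    """Compare net_admin, NET_ADMIN and CAP_NET_ADMIN as one name."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap

def audit(cmdline):
    """Return findings about how the container is given its privileges."""
    opts = parse_run(cmdline)
    added = {normalize(c) for c in opts["--cap-add"]}
    dropped = {normalize(c) for c in opts["--cap-drop"]}
    findings = []
    if opts["--privileged"]:
        findings.append("privileged: all capabilities and host devices granted")
    elif "ALL" not in dropped:
        findings.append("default capability set kept: no --cap-drop=ALL baseline")
    findings += ["broad capability added: " + c for c in sorted(added & BROAD_CAPS)]
    findings += ["host device exposed: " + d.split(":")[0] for d in opts["--device"]]
    return findings

if __name__ == "__main__":
    # Constructed command lines; image names are made up.
    for line in ("docker run --privileged player",
                 "docker run --cap-drop=ALL --device=/dev/snd:/dev/snd player",
                 "docker run --cap-add SYS_ADMIN backup-agent"):
        print(line, "->", audit(line))
```

A command line that drops everything and adds back only what the workload needs, with a single device mapped in, produces only the device finding; the privileged and broad-capability lines are the ones to review.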

As this is a revision to the right of the decimal point, Docker doesn't yet have the changes likely to show up in the long run -- such as deeper integration of the work done by Orchard into the product, a Windows-specific version of the product (as opposed to a solution like Boot2Docker), or many of the other long-term items expected to find their way into Docker courtesy of Google's Kubernetes project. Work on that broad and deep a level deserves the 2.0 label; the only question is how soon we'll see any of it.

This story, "Docker 1.2 punches up security, day-to-day management," was originally published at InfoWorld.com.
