Docker containers have become so ubiquitous that respected security professionals sometimes tweet ridiculous things like:
docker run -u zap -p 8080:8080 -p 8090:8090 -i owasp/zap2docker-stable zap-webswing.sh
— Jerry Gamblin (@JGamblin) June 7, 2016
…but it is 2016 and you should never run code on your machine if you don’t know what it does. These are mini-virtual machines and not magically secure little shipping containers*. At a minimum you should do these basic things to get some idea of what you are putting on your machine before you run it.
Pull the container first:
docker pull jgamblin/tiny-tor
Use docker inspect to look at the container’s metadata, and read at least these fields in its output:
docker inspect jgamblin/tiny-tor
- Image: The image this container is running.
- NetworkSettings: The network settings for the container.
- LogPath: The system path to this container’s log file.
- Name: The user-defined name for the container.
- Volumes: Defines the volume mapping between the host system and the container.
- HostConfig: Key configurations for how the container will interact with the host system. These include CPU and memory limits, networking values, and device driver paths.
- Config: The runtime configuration options set when the docker run command was executed.
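Reading raw docker inspect output by eye is tedious, so here is an added example (not code from the original post) that turns the check above into a script: it parses the JSON array that docker inspect prints and flags the fields a defender cares about, namely who the process runs as (Config.User), what it runs (Config.Entrypoint and Config.Cmd), and how it touches the host (HostConfig.Privileged, CapAdd, Binds, NetworkMode/PidMode/IpcMode, Devices). The SAMPLE_INSPECT document is constructed for the example and is not real output for jgamblin/tiny-tor; the list of sensitive host paths is a judgement call, not a Docker setting.

```python
import json

# Constructed sample in the shape `docker inspect <name>` prints (a JSON array with
# one object). Every value here is made up for the example.
SAMPLE_INSPECT = json.dumps([{
    "Id": "sha256:" + "0" * 64,
    "Name": "/example",
    "Image": "sha256:" + "1" * 64,
    "LogPath": "/var/lib/docker/containers/example/example-json.log",
    "Config": {
        "User": "",
        "Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],
        "Cmd": ["tor", "-f", "/etc/tor/torrc"],
        "Entrypoint": None,
        "ExposedPorts": {"9050/tcp": {}},
    },
    "HostConfig": {
        "Privileged": True,
        "CapAdd": ["SYS_ADMIN"],
        "CapDrop": None,
        "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
        "NetworkMode": "host",
        "PidMode": "",
        "Devices": [{"PathOnHost": "/dev/kvm", "PathInContainer": "/dev/kvm"}],
    },
    "NetworkSettings": {"Ports": {"9050/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9050"}]}},
}])

# Host paths that hand a container control of the host when bind-mounted
# (our own list for the example, not something Docker defines).
SENSITIVE_HOST_PATHS = ("/", "/etc", "/var/run/docker.sock", "/proc", "/sys", "/dev")


def audit_inspect(inspect_json: str) -> dict:
    """Parse `docker inspect` output and return a summary plus a list of findings."""
    objects = json.loads(inspect_json)
    if not isinstance(objects, list) or not objects:
        raise ValueError("expected the JSON array that docker inspect prints")
    obj = objects[0]
    config = obj.get("Config") or {}
    host = obj.get("HostConfig") or {}   # present for containers, absent for images
    findings = []

    # Config: what runs and as whom. Empty User means root inside the container.
    user = config.get("User") or ""
    if not user or user in ("root", "0"):
        findings.append("runs as root (Config.User is empty or root)")
    command = (config.get("Entrypoint") or []) + (config.get("Cmd") or [])
    summary = {
        "user": user or "root",
        "command": command,
        "exposed_ports": sorted((config.get("ExposedPorts") or {}).keys()),
    }

    # HostConfig: how the container reaches into the host.
    if host.get("Privileged"):
        findings.append("Privileged=true disables most isolation")
    for cap in host.get("CapAdd") or []:
        findings.append(f"adds capability {cap}")
    for bind in host.get("Binds") or []:
        host_path = bind.split(":")[0]   # Binds are "hostpath:containerpath[:opts]"
        if host_path in SENSITIVE_HOST_PATHS or host_path.startswith("/etc/"):
            findings.append(f"bind-mounts sensitive host path {host_path}")
    for mode_key in ("NetworkMode", "PidMode", "IpcMode"):
        if host.get(mode_key) == "host":
            findings.append(f"{mode_key}=host shares the host namespace")
    for dev in host.get("Devices") or []:
        findings.append(f"passes through host device {dev.get('PathOnHost')}")

    summary["findings"] = findings
    return summary


if __name__ == "__main__":
    import sys
    # Pipe real output in: docker inspect <name> | python3 audit_inspect.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    print(json.dumps(audit_inspect(data), indent=2))
```

On the constructed sample this reports six findings (root user, privileged mode, an added capability, the Docker socket bind-mount, host networking and a passed-through device); an image that only sets a non-root user and a command produces none, which is the baseline you want to see before running anything.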