docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Eci patch 2 (#16152) 

* correct outdated eci information

* move IAM into Hardened Desktop
This commit is contained in:
Allie Sadler 2022-11-14 13:14:14 +00:00 committed by GitHub
parent 9f814f66a4
commit aca1285b61
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_data/toc.yaml
View File

@ -1297,6 +1297,8 @@ manuals:
title: FAQs and known issues title: FAQs and known issues
- path: /desktop/hardened-desktop/registry-access-management/ - path: /desktop/hardened-desktop/registry-access-management/
title: Registry Access Management title: Registry Access Management
- path: /docker-hub/image-access-management/
title: Image Access Management
- sectiontitle: Dev Environments (Beta) - sectiontitle: Dev Environments (Beta)
section: section:
- path: /desktop/dev-environments/ - path: /desktop/dev-environments/

1
assets/images/image-access.svg Normal file
View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 0 24 24" width="24px" fill="#677285"><path d="M0 0h24v24H0V0z" fill="none"/><path d="M22 16V4c0-1.1-.9-2-2-2H8c-1.1 0-2 .9-2 2v12c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2zm-10.6-3.47l1.63 2.18 2.58-3.22c.2-.25.58-.25.78 0l2.96 3.7c.26.33.03.81-.39.81H9c-.41 0-.65-.47-.4-.8l2-2.67c.2-.26.6-.26.8 0zM2 7v13c0 1.1.9 2 2 2h13c.55 0 1-.45 1-1s-.45-1-1-1H5c-.55 0-1-.45-1-1V7c0-.55-.45-1-1-1s-1 .45-1 1z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 463 B

2
desktop/hardened-desktop/enhanced-container-isolation/index.md
View File

@ -31,7 +31,7 @@ Enhanced Container Isolation helps ensure strong container isolation and also lo
### What happens when Enhanced Container Isolation is enabled? ### What happens when Enhanced Container Isolation is enabled?
When Enhanced Container Isolation is enabled using [Settings Management](../settings-management/index.md), the following features are enabled: When Enhanced Container Isolation is turned on, the following features are enabled:
- All user containers are automatically run in Linux User Namespaces which ensures stronger isolation. - All user containers are automatically run in Linux User Namespaces which ensures stronger isolation.
- The root user in the container maps to an unprivileged user at VM level. - The root user in the container maps to an unprivileged user at VM level.

21
desktop/hardened-desktop/index.md
View File

@ -1,7 +1,7 @@
--- ---
title: Hardened Desktop title: Hardened Desktop
description: Overview of what Hardened Desktop is description: Overview of what Hardened Desktop is
keywords: security, hardened desktop, enhanced container isolation, registry access management, admin controls, root access, admins, docker desktop keywords: security, hardened desktop, enhanced container isolation, registry access management, settings management root access, admins, docker desktop, image access management
--- ---
>Note >Note
> >
@ -17,13 +17,14 @@ Hardened Desktop includes:
- Settings Management, which helps admins to confidently manage and control the usage of Docker Desktop within their organization. - Settings Management, which helps admins to confidently manage and control the usage of Docker Desktop within their organization.
- Enhanced Container Isolation, a setting that instantly enhances security by preventing containers from running as root in Docker Desktops Linux VM and ensures that any configurations set using Settings Management, cannot be modified by containers. - Enhanced Container Isolation, a setting that instantly enhances security by preventing containers from running as root in Docker Desktops Linux VM and ensures that any configurations set using Settings Management, cannot be modified by containers.
- Registry Access Management, which allows admins to control the registries developers can access. - Registry Access Management, which allows admins to control the registries developers can access.
- Image Access Management, which gives admins control over which images developers can pull from Docker Hub.
Docker plans to continue adding more security enhancements to the Hardened Desktop security model. Docker plans to continue adding more security enhancements to the Hardened Desktop security model.
<div class="component-container"> <div class="component-container">
<!--start row--> <!--start row-->
<div class="row"> <div class="row">
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-4 block"> <div class="col-xs-12 col-sm-12 col-md-12 col-lg-6 block">
<div class="component"> <div class="component">
<div class="component-icon"> <div class="component-icon">
<a href="/desktop/hardened-desktop/settings-management/"><img src="/assets/images/lock.svg" alt="Hardened Desktop" width="70" height="70"></a> <a href="/desktop/hardened-desktop/settings-management/"><img src="/assets/images/lock.svg" alt="Hardened Desktop" width="70" height="70"></a>
@ -32,7 +33,7 @@ Docker plans to continue adding more security enhancements to the Hardened Deskt
<p>Learn how Settings Management can secure your developers' workflows.</p> <p>Learn how Settings Management can secure your developers' workflows.</p>
</div> </div>
</div> </div>
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-4 block"> <div class="col-xs-12 col-sm-12 col-md-12 col-lg-6 block">
<div class="component"> <div class="component">
<div class="component-icon"> <div class="component-icon">
<a href="/desktop/hardened-desktop/enhanced-container-isolation"><img src="/assets/images/secure.svg" alt="Release notes" width="70" height="70"></a> <a href="/desktop/hardened-desktop/enhanced-container-isolation"><img src="/assets/images/secure.svg" alt="Release notes" width="70" height="70"></a>
@ -41,7 +42,11 @@ Docker plans to continue adding more security enhancements to the Hardened Deskt
<p>Understand how Enhanced Container Isolation can prevent container attacks. </p> <p>Understand how Enhanced Container Isolation can prevent container attacks. </p>
</div> </div>
</div> </div>
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-4 block"> </div>
</div>
<div class="component-container">
<!--start row-->
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-6 block">
<div class="component"> <div class="component">
<div class="component-icon"> <div class="component-icon">
<a href="/desktop/hardened-desktop/registry-access-management/"><img src="/assets/images/registry.svg" alt="Hardened Desktop" width="70" height="70"></a> <a href="/desktop/hardened-desktop/registry-access-management/"><img src="/assets/images/registry.svg" alt="Hardened Desktop" width="70" height="70"></a>
@ -50,6 +55,14 @@ Docker plans to continue adding more security enhancements to the Hardened Deskt
<p>Control the registries developers can access while using Docker Desktop.</p> <p>Control the registries developers can access while using Docker Desktop.</p>
</div> </div>
</div> </div>
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-6 block">
<div class="component">
<div class="component-icon">
<a href="/docker-hub/image-access-management/"><img src="/assets/images/image-access.svg" alt="Hardened Desktop" width="70" height="70"></a>
</div>
<h2 id="hardened-desktop"><a href="/docker-hub/image-access-management/">Image Access Management</a></h2>
<p>Control the images developers can pull from Docker Hub.</p>
</div>
</div> </div>
</div> </div>

4
desktop/hardened-desktop/settings-management/index.md
View File

@ -9,7 +9,7 @@ title: What is Settings Management?
Settings Management is a feature that helps admins to control certain Docker Desktop settings on client machines within their organization. Settings Management is a feature that helps admins to control certain Docker Desktop settings on client machines within their organization.
With a few lines of JSON, admins can configure controls for Docker Desktop settings such as proxies and network settings. For an extra layer of security, admins can also use Settings Management to enable [Enhanced Container Isolation](../enhanced-container-isolation/index.md) which ensures that any configurations set with Settings Management cannot be modified by containers. With a few lines of JSON, admins can configure controls for Docker Desktop settings such as proxies and network settings. For an extra layer of security, admins can also use Settings Management to enable and lock in [Enhanced Container Isolation](../enhanced-container-isolation/index.md) which ensures that any configurations set with Settings Management cannot be modified by containers.
It is available with [Docker Desktop 4.13.0 or later](../../release-notes.md). It is available with [Docker Desktop 4.13.0 or later](../../release-notes.md).
@ -29,7 +29,7 @@ Values that are set to `locked: true` within the `admin-settings.json` override
Using the `admin-settings.json` file, admins can: Using the `admin-settings.json` file, admins can:
- Enable [Enhanced Container Isolation](../enhanced-container-isolation/index.md) (currently incompatible with WSL) - Enable and lock in [Enhanced Container Isolation](../enhanced-container-isolation/index.md) (currently incompatible with WSL)
- Configure HTTP proxies - Configure HTTP proxies
- Configure network settings - Configure network settings
- Enforce the use of WSL2 based engine or Hyper-V - Enforce the use of WSL2 based engine or Hyper-V