DoS is a serious threat for Docker platforms. Docker faces many DoS threats, such as:
- Pending signals
- POSIX message queues
- Maximum user processes
- Maximum files
To defend against these attacks, we need to:
- Assign memory limits using the -m option:
docker run -d -m 512m <Image_Name>
- Limit the CPU share (1,024 by default) using the -c option:
docker run -d -c 512 <Image_Name>
Another Linux kernel feature that you can use to limit the resources that processes can access is cgroups (control groups), for example with the --cpuset-cpus flag. The following illustration gives a clearer picture.
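The limits above can be checked after the fact. The following added example (not part of the original page) audits `docker inspect` output for containers started without -m, -c or --cpuset-cpus. It goes beyond the text by also checking the `--ulimit` names that correspond to the four DoS vectors listed at the top. The sample JSON and the function names are constructed for illustration.

```python
import json

# Constructed `docker inspect` output for two containers (sample data, not real).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "HostConfig": {"Memory": 536870912, "CpuShares": 512,
    "CpusetCpus": "0-1",
    "Ulimits": [{"Name": "nproc", "Soft": 256, "Hard": 512},
                {"Name": "nofile", "Soft": 1024, "Hard": 2048},
                {"Name": "sigpending", "Soft": 128, "Hard": 128},
                {"Name": "msgqueue", "Soft": 819200, "Hard": 819200}]}},
  {"Name": "/batch", "HostConfig": {"Memory": 0, "CpuShares": 0,
    "CpusetCpus": "", "Ulimits": [{"Name": "nofile", "Soft": 1024, "Hard": 1024}]}}
]
""")

# ulimit names matching the four DoS vectors listed on the page.
ULIMITS = {"sigpending": "pending signals", "msgqueue": "POSIX message queues",
           "nproc": "maximum user processes", "nofile": "maximum files"}


def audit(container):
    """Return a list of findings for one `docker inspect` entry."""
    hc = container.get("HostConfig") or {}
    findings = []
    if not hc.get("Memory"):        # 0 means no -m limit was set
        findings.append("no memory limit (-m)")
    if not hc.get("CpuShares"):     # 0 means the default share of 1,024
        findings.append("default CPU share (-c)")
    if not hc.get("CpusetCpus"):    # empty means no CPU pinning
        findings.append("not pinned to CPUs (--cpuset-cpus)")
    # Ulimits may be null in real output when none were passed to docker run.
    set_limits = {u.get("Name") for u in (hc.get("Ulimits") or [])}
    for name, threat in ULIMITS.items():
        if name not in set_limits:
            findings.append(f"no per-container --ulimit {name} ({threat})")
    return findings


def audit_all(inspect_output):
    """Map container name -> findings for every entry in the JSON array."""
    return {c.get("Name", "?").lstrip("/"): audit(c) for c in inspect_output}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

To run it against a live host, replace SAMPLE_INSPECT with the parsed output of `docker inspect $(docker ps -q)`. A ulimit finding means only that no per-container value appears in HostConfig.Ulimits.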