AgentSkillsCN

security-antipatterns-containers

Use this skill when writing Dockerfiles, docker-compose files, or Podman configurations, or when reviewing container security. It covers runtime escapes, supply chain attacks, GPU passthrough vulnerabilities, registry hardening, and 2024–2025 CVEs affecting Docker, Podman, BuildKit, Harbor, and the NVIDIA Container Toolkit.

SKILL.md
---
name: security-antipatterns-containers
description: Use when writing Dockerfiles, docker-compose files, Podman configurations, or reviewing container security. Covers runtime escapes, supply chain attacks, GPU passthrough vulnerabilities, registry hardening, and 2024-2025 CVEs for Docker, Podman, BuildKit, Harbor, and NVIDIA Container Toolkit.
license: Apache-2.0
compatibility: Works with Claude Code, Codex CLI, Warp, Antigravity, and any agentskills.io-compatible agent. Requires container runtime knowledge.
metadata:
  author: security
  version: "1.0.0"
  tags: security, containers, docker, podman, kubernetes, cve, sbom, supply-chain
---

Container Security Anti-Patterns

Overview

Reference guide for container security anti-patterns covering Docker, Podman, Docker Compose, Podman Compose, scratch-based containers, GPU passthrough, and private registries. Includes 2024-2025 CVEs and real-world escape techniques.

Critical Rules (Top 10)

  1. NEVER run containers as root - use USER directive with non-root UID
  2. NEVER use --privileged flag - drops all security boundaries
  3. NEVER mount Docker socket - /var/run/docker.sock = host compromise
  4. NEVER hardcode secrets in Dockerfile - use BuildKit --secret or runtime injection
  5. ALWAYS use minimal base images - scratch/distroless/alpine over full OS
  6. ALWAYS pin base images by digest - not just tag, for reproducibility
  7. ALWAYS drop all capabilities - --cap-drop=ALL, add only what's needed
  8. ALWAYS scan images for vulnerabilities - Trivy/Grype in CI/CD
  9. NEVER disable seccomp/AppArmor - keep default security profiles
  10. ALWAYS use multi-stage builds - separate build deps from runtime

Quick Reference

| Category | Reference File | Key CVEs |
|---|---|---|
| Dockerfile builds | references/dockerfile.md | CVE-2024-24557, CVE-2024-23651, CVE-2025-0495 |
| Runtime security | references/runtime-security.md | CVE-2025-31133, CVE-2024-21626, CVE-2021-41091 |
| Compose files | references/compose-security.md | - |
| Supply chain | references/supply-chain.md | CVE-2024-3094 |
| Podman-specific | references/podman-security.md | - |
| GPU passthrough | references/gpu-passthrough.md | CVE-2024-0132, CVE-2025-23266, CVE-2025-23359 |
| Registry security | references/registry-security.md | CVE-2024-22278, CVE-2024-22261, CVE-2022-46463 |
| Scanning & SBOM | references/scanning-sbom.md | - |

When to Use

  • Writing or reviewing Dockerfiles
  • Configuring docker-compose.yml or podman-compose.yml
  • Setting up container runtime flags
  • Implementing CI/CD image pipelines
  • Hardening private registries (Harbor, etc.)
  • Configuring GPU passthrough for ML workloads
  • Auditing container security posture

Module Index

Build-Time Security

  • references/dockerfile.md - Dockerfile anti-patterns, multi-stage builds, secrets handling, BuildKit cache poisoning

Runtime Security

  • references/runtime-security.md - Privileged mode, capability management, namespace isolation, container escapes
  • references/compose-security.md - Docker/Podman Compose patterns, secrets management, network isolation

Supply Chain Security

  • references/supply-chain.md - Base image selection, typosquatting, slopsquatting, SBOM, provenance attestation

Platform-Specific

  • references/podman-security.md - Rootless containers, user namespaces, Quadlet, systemd integration
  • references/gpu-passthrough.md - NVIDIA Container Toolkit CVEs, CDI security, GPU memory isolation

Infrastructure Security

  • references/registry-security.md - Harbor vulnerabilities, content trust, anonymous access, webhook security
  • references/scanning-sbom.md - Trivy, Grype, Docker Scout, SBOM generation, VEX documents

Common Escape Vectors

Container to Host Escapes (2024-2025)

| Vector | CVE | Mitigation |
|---|---|---|
| runc masked path | CVE-2025-31133 | Update runc to 1.2.6+ |
| runc procfs race | CVE-2025-52565 | Update runc to 1.2.6+ |
| File descriptor leak | CVE-2024-21626 | Update runc to 1.1.12+ |
| NVIDIA TOCTOU | CVE-2024-0132 | Update toolkit to 1.16.2+ |
| Docker socket mount | N/A | Never mount /var/run/docker.sock |
| Privileged mode | N/A | Never use --privileged |
| cgroups release_agent | N/A | Block CAP_SYS_ADMIN |

Verification Commands

```bash
# Check container is not running as root
docker exec CONTAINER id

# Check capabilities
docker exec CONTAINER capsh --print

# Check seccomp profile
docker inspect --format='{{.HostConfig.SecurityOpt}}' CONTAINER

# Check for socket mounts
docker inspect --format='{{.Mounts}}' CONTAINER | grep docker.sock

# Scan image for vulnerabilities
trivy image IMAGE:TAG

# Generate SBOM
trivy image --format cyclonedx IMAGE:TAG
```
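As an added example (not part of this skill's reference files), the runtime checks from the Critical Rules and the verification commands above combined into one audit of a `docker inspect` document. The field names used (`Config.User`, `HostConfig.Privileged`, `CapAdd`, `CapDrop`, `SecurityOpt`, `Mounts`) are Docker's inspect schema; the two inspect documents are constructed samples, not real containers.

```python
import json
import sys

DOCKER_SOCKET = "/var/run/docker.sock"
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "CAP_SYS_ADMIN"}


def audit_container(inspect_json: str) -> list:
    """Return findings for one container, given the JSON `docker inspect` prints."""
    data = json.loads(inspect_json)
    cfg = data[0] if isinstance(data, list) else data  # docker inspect emits a list
    host = cfg.get("HostConfig") or {}
    findings = []

    # Rule 1: empty User, "root", or UID 0 (optionally "uid:gid") all run as root.
    user = (cfg.get("Config") or {}).get("User") or ""
    if user.split(":")[0].strip() in ("", "root", "0"):
        findings.append("runs as root (Config.User=%r)" % user)

    # Rule 2: --privileged removes seccomp, AppArmor and the capability bounding set.
    if host.get("Privileged"):
        findings.append("privileged mode enabled")

    # Rule 3: a bind mount of the Docker socket is equivalent to root on the host.
    for m in cfg.get("Mounts") or []:
        if m.get("Source") == DOCKER_SOCKET:
            findings.append("docker socket mounted at %s" % m.get("Destination"))

    # Rule 7: drop everything, then add back only what the workload needs.
    cap_drop = {c.upper() for c in (host.get("CapDrop") or [])}
    cap_add = {c.upper() for c in (host.get("CapAdd") or [])}
    if "ALL" not in cap_drop:
        findings.append("capabilities not dropped (CapDrop lacks ALL)")
    for cap in sorted(cap_add & DANGEROUS_CAPS):
        findings.append("dangerous capability added: %s" % cap)

    # Rule 9: seccomp/AppArmor must never be switched to unconfined.
    for opt in host.get("SecurityOpt") or []:
        if opt.endswith("unconfined"):
            findings.append("security profile disabled: %s" % opt)
    return findings


# Constructed samples (not real containers): one violating several rules, one clean.
BAD_INSPECT = json.dumps([{
    "Config": {"User": ""},
    "HostConfig": {"Privileged": True, "CapAdd": ["SYS_ADMIN"], "CapDrop": [],
                   "SecurityOpt": ["seccomp=unconfined"]},
    "Mounts": [{"Type": "bind", "Source": DOCKER_SOCKET, "Destination": DOCKER_SOCKET}],
}])
GOOD_INSPECT = json.dumps([{
    "Config": {"User": "10001:10001"},
    "HostConfig": {"Privileged": False, "CapAdd": ["NET_BIND_SERVICE"],
                   "CapDrop": ["ALL"], "SecurityOpt": []},
    "Mounts": [],
}])

if __name__ == "__main__":  # usage: docker inspect CONTAINER | python3 audit.py
    print("\n".join(audit_container(sys.stdin.read() or BAD_INSPECT)) or "no findings")
```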

See Also