Do not use the aufs storage driver

Details

Do not use ‘aufs’ as the storage driver for your Docker instance. The ‘aufs’ storage driver is the oldest storage driver. It is based on a Linux kernel patch set that is unlikely to be merged into the main Linux kernel. The ‘aufs’ driver is also known to cause some serious kernel crashes. ‘aufs’ has only legacy support from Docker. Most importantly, ‘aufs’ is not a supported driver in many Linux distributions that use the latest Linux kernels.

Solution

Do not explicitly use ‘aufs’ as the storage driver. For example, do not start the Docker daemon as shown below:

    dockerd --storage-driver aufs

Impact: ‘aufs’ is the only storage driver that allows containers to share executable and shared library memory. It might be useful if you are running thousands of containers with the same program or libraries.

Default Value: By default, Docker uses ‘devicemapper’ as the storage driver on most platforms. The default storage driver can vary based on your OS vendor. You should use the storage driver that is best supported by your preferred vendor.
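
A way to check a host for the setting described above, as an added example that is not part of the original article. It assumes the default configuration path /etc/docker/daemon.json and a Linux host with procps `ps`; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: flag a Docker host configured for the aufs storage driver.
# Usage: sh check_aufs.sh --audit     (script name is hypothetical)

# Print the driver named on a dockerd command line ($1), if any.
# Runs in a subshell so that "set -f" (no globbing) does not leak out.
driver_from_cmdline() (
    set -f
    next=0
    for arg in $1; do
        [ "$next" -eq 1 ] && { printf '%s\n' "$arg"; return 0; }
        case "$arg" in
            --storage-driver=*) printf '%s\n' "${arg#*=}"; return 0 ;;
            --storage-driver|-s) next=1 ;;
        esac
    done
    return 1
)

# Print the "storage-driver" value from a daemon.json file ($1), if set.
driver_from_daemon_json() {
    [ -r "$1" ] || return 1
    sed -n 's/.*"storage-driver"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Classify one finding: $1 = where it was read from, $2 = driver (may be empty).
check_driver() {
    case "$2" in
        aufs) echo "FAIL $1: storage driver is aufs"; return 1 ;;
        "")   echo "INFO $1: no storage driver set explicitly"; return 0 ;;
        *)    echo "PASS $1: storage driver is $2"; return 0 ;;
    esac
}

# Check the config file, the running daemon's arguments and the live daemon.
audit_host() {
    rc=0
    check_driver "daemon.json" "$(driver_from_daemon_json /etc/docker/daemon.json)" || rc=1
    args=$(ps -o args= -C dockerd 2>/dev/null | head -n 1)   # procps (Linux) syntax
    check_driver "dockerd arguments" "$(driver_from_cmdline "$args")" || rc=1
    if command -v docker >/dev/null 2>&1; then
        check_driver "docker info" "$(docker info --format '{{.Driver}}' 2>/dev/null)" || rc=1
    fi
    return "$rc"
}

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```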

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.


Updated on July 16, 2022