Enable live restore

Details

The '--live-restore' option enables full support of daemon-less containers in Docker. It ensures that Docker does not stop containers on shutdown or restore, and that it properly reconnects to the containers when restarted.

Availability is one of the important elements of the security triad. Setting the '--live-restore' flag on the Docker daemon ensures that container execution is not interrupted when the daemon is unavailable. This also makes it easier to update and patch the Docker daemon without execution downtime.

Solution

Run Docker in daemon mode and pass '--live-restore' as an argument.

For example:

dockerd --live-restore

Impact: None.

Default Value: By default, --live-restore is not enabled.
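To verify the setting, the following added example (not part of the original article) checks both places live restore can be configured: the dockerd command line and the "live-restore" key in daemon.json. The function name, messages and sample inputs are constructed for illustration, and only the literal flag values true and false are handled.

```shell
#!/bin/sh
# Added example: audit whether Docker live restore is configured.
# On a running host the effective value can also be read with:
#   docker info --format '{{ .LiveRestoreEnabled }}'
# Inputs are passed as arguments so the check can run offline, e.g.:
#   live_restore_status "$(ps -o args= -C dockerd)" /etc/docker/daemon.json

# Prints the finding; returns 0 if live restore is enabled, 1 otherwise.
live_restore_status() {
    cmdline=$1   # full dockerd command line
    config=$2    # path to daemon.json (may be absent)

    # 1. Command-line flag. An explicit value on the flag is honoured.
    for arg in $cmdline; do
        case $arg in
            --live-restore|--live-restore=true)
                echo "enabled (flag)"; return 0 ;;
            --live-restore=false)
                echo "disabled (flag)"; return 1 ;;
        esac
    done

    # 2. daemon.json. Strip whitespace so the key and value match
    #    even when they are split across lines.
    if [ -r "$config" ] &&
       tr -d '[:space:]' < "$config" | grep -q '"live-restore":true'; then
        echo "enabled (daemon.json)"; return 0
    fi

    # 3. Neither source sets it: the default is not enabled.
    echo "disabled (default)"; return 1
}

# Constructed sample inputs (not taken from a real host).
sample=$(mktemp)
printf '{\n  "live-restore": true,\n  "log-driver": "json-file"\n}\n' > "$sample"
live_restore_status "/usr/bin/dockerd -H fd://" "$sample"
live_restore_status "/usr/bin/dockerd --live-restore" /nonexistent
live_restore_status "/usr/bin/dockerd -H fd://" /nonexistent || true
rm -f "$sample"
```

A non-zero return is the audit failure case, so the function can be used directly in a compliance script's conditional.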

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.

This control applies to the following type of system: Unix.


Updated on July 16, 2022