Details
The latest Docker registry is v2. All operations on the legacy registry version (v1) should be restricted.
Rationale:
Docker registry v2 brings in many performance and security improvements over v1. It supports container image provenance and other security features such as image signing and verification. Hence, operations on the legacy Docker registry should be restricted.
Solution
Start the docker daemon as below:
dockerd --disable-legacy-registry
Impact:
Legacy registry operations would be restricted.
Default Value:
By default, legacy registry operations are allowed.
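An audit check for this control, as an added example that is not part of the benchmark text. The function names are hypothetical; the check of `/etc/docker/daemon.json` for a `disable-legacy-registry` key and the "last occurrence of the flag wins" rule are assumptions of this example, not statements from the page.

```shell
#!/bin/sh
# Added audit example; not part of the benchmark text.

# Exit status 0 if a dockerd command line disables the legacy (v1) registry.
# Assumption of this example: when the flag is repeated, the last value wins.
# The body runs in a subshell so that "set -f" (no globbing) does not leak out.
legacy_disabled_by_flag() (
    set -f
    status=1
    for arg in $1; do            # intentional word splitting of the command line
        case "$arg" in
            --disable-legacy-registry|--disable-legacy-registry=true) status=0 ;;
            --disable-legacy-registry=false)                          status=1 ;;
        esac
    done
    exit "$status"
)

# Exit status 0 if a daemon.json file sets "disable-legacy-registry": true.
legacy_disabled_by_config() {
    [ -r "$1" ] || return 1
    grep -Eq '"disable-legacy-registry"[[:space:]]*:[[:space:]]*true' "$1"
}

# Print PASS/FAIL for one daemon; $1 = command line, $2 = daemon.json path.
audit_legacy_registry() {
    if legacy_disabled_by_flag "$1" || legacy_disabled_by_config "$2"; then
        echo "PASS: legacy registry operations are disabled"
        return 0
    fi
    echo "FAIL: legacy registry operations are allowed (the default)"
    return 1
}

# Audit every dockerd process on this host; prints nothing if none is running.
# $1 optionally overrides the daemon.json path.
audit_running_dockerd() {
    ps -eo args= | grep '[d]ockerd' | while read -r cmdline; do
        audit_legacy_registry "$cmdline" "${1:-/etc/docker/daemon.json}"
    done
}
```

Source the file and run `audit_running_dockerd` on the host being assessed; a FAIL line means the daemon still has the default behaviour described above.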
Supportive Information
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.