I'm working on some "common sense" hardening of one of my docker containers and my line of thinking suggests that I could attempt to uninstall APK and PIP from the Alpine linux image after I finish installing all of my dependencies.
I'm having a hard time finding any information on doing so. My line of thinking is that the container is ephemeral so there would never be a need to install anything to a running container.
Anybody ever done this? Thanks!
All the data is in /var/lib/docker . However, this data will not be removed when uninstalling the packages.
To remove one or more Docker containers, use the docker container rm command, followed by the IDs of the containers you want to remove. If you get an error message similar to the one shown below, it means that the container is running. You'll need to stop the container before removing it.
&& apk add bash tells Docker to install bash into the image. apk stands for Alpine Linux package manager. If you're using a Linux base image in a flavor other than Alpine, then you'd install packages with RUN apt-get instead of apk.
You should be able to remove pip by uninstalling the py-pip package:
apk del py-pip
Followed by deleting pip's cache:
# rm -rf /<HOME_DIR>/.cache/pip
Then, for removing apk, delete the apk binary and folders:
# rm -f /sbin/apk
# rm -rf /etc/apk
# rm -rf /lib/apk
# rm -rf /usr/share/apk
# rm -rf /var/lib/apk
I haven't done Docker hardening/jailing myself, but removing the package manager seems like a common practice for reducing the possible attack surface. Here's an interesting post taking a similar approach:
For removing apk, this will also work and ensure proper removal: apk --purge del apk-tools
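The removal steps from the answers above, wrapped in a script that also checks the result; this is an added example, not part of the original answers. The function names, the --run switch, the strip.sh file name and the /root and /home/* home directories are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original answers.
# Run `apk del py-pip` BEFORE this: once apk is gone it cannot remove packages.
# Home directories are assumed to be /root and /home/*.

APK_PATHS="sbin/apk etc/apk lib/apk usr/share/apk var/lib/apk"

# Delete the apk binary/folders and pip caches under ROOT (default /).
strip_pkg_tools() {
    root="${1:-/}"; root="${root%/}"   # "/" becomes "" so paths join cleanly
    for p in $APK_PATHS; do
        rm -rf -- "$root/$p"
    done
    for c in "$root"/root/.cache/pip "$root"/home/*/.cache/pip; do
        rm -rf -- "$c"
    done
}

# Report anything left behind; returns 1 if a path still exists.
verify_stripped() {
    root="${1:-/}"; root="${root%/}"
    left=0
    for p in $APK_PATHS; do
        if [ -e "$root/$p" ] || [ -L "$root/$p" ]; then
            echo "still present: $root/$p" >&2; left=1
        fi
    done
    for c in "$root"/root/.cache/pip "$root"/home/*/.cache/pip; do
        if [ -e "$c" ]; then
            echo "still present: $c" >&2; left=1
        fi
    done
    return "$left"
}

# Only acts when asked to, e.g. as the last step of an image build:
#   sh strip.sh --run        (strip.sh is a hypothetical file name)
if [ "${1:-}" = "--run" ]; then
    strip_pkg_tools "${2:-/}" && verify_stripped "${2:-/}"
fi
```

Files deleted in a later image layer still exist in the earlier layers, so run this in the same RUN instruction that installs the dependencies if the tools should not be recoverable from the image itself.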