After a busy PEN-100 training week, I finally had time to revisit something that\u2019s been bothering me in my homelab: My Docker media stack was functional \u2014 but not properly hardened. I run the typical *arr ecosystem:<\/p>\n\n\n\n
It worked perfectly. Security-wise? It needed work. This post walks through how I hardened it, validated the changes, and tested my own setup \u2014 without pretending it\u2019s bulletproof.<\/p>\n\n\n\n
Originally, my containers were running with:<\/p>\n\n\n\n
PUID=1000\nPGID=1000<\/code><\/pre>\n\n\n\nOn most Linux systems, UID 1000 is your first regular user account. Not root (UID 0), but still a user with broad access to personal files. Additionally:<\/p>\n\n\n\n
\n- Volumes were writable<\/li>\n\n\n\n
- Default Docker capabilities were active<\/li>\n\n\n\n
- No explicit resource limits were defined<\/li>\n<\/ul>\n\n\n\n
Functionality came first. Security was \u201cfuture me\u2019s problem.\u201d Time to fix that.<\/p>\n\n\n\n
Threat Model (Be Realistic)<\/h2>\n\n\n\n
This system is:<\/p>\n\n\n\n
\n- Not publicly exposed<\/li>\n\n\n\n
- Behind a Proxmox firewall (default DROP)<\/li>\n\n\n\n
- Only accessible via Nginx Proxy Manager in a separate VLAN<\/li>\n\n\n\n
- Docker API is not exposed<\/li>\n\n\n\n
- No docker.sock mounted into containers<\/li>\n<\/ul>\n\n\n\n
So the realistic threat scenario is:<\/p>\n\n\n\n
\nAn application-level compromise (e.g., RCE in Sonarr or Prowlarr)<\/p>\n<\/blockquote>\n\n\n\n
Not:<\/p>\n\n\n\n
\n- Internet-wide scanning<\/li>\n\n\n\n
- Remote Docker daemon takeover<\/li>\n\n\n\n
- Exposed privileged containers<\/li>\n<\/ul>\n\n\n\n
The goal is not \u201cperfect security.\u201d The goal is reducing blast radius.<\/p>\n\n\n\n
Step 1 \u2013 Dedicated Non-Root Service Account<\/h2>\n\n\n\n
Instead of using my primary user (UID 1000), I created a dedicated service account:<\/p>\n\n\n\n
sudo groupadd -g 1100 mediacenter\nsudo useradd -u 1100 -g 1100 -s \/usr\/sbin\/nologin -M media-service<\/code><\/pre>\n\n\n\nWhy:<\/p>\n\n\n\n
\n- No interactive login<\/li>\n\n\n\n
- No home directory<\/li>\n\n\n\n
- Predictable UID\/GID mapping<\/li>\n\n\n\n
- Isolation from my personal user account<\/li>\n<\/ul>\n\n\n\n
Then I reassigned ownership:<\/p>\n\n\n\n
sudo chown -R 1100:1100 ~\/docker\nsudo chown -R 1100:1100 \/mnt\/downloads<\/code><\/pre>\n\n\n\nAll containers now run as:<\/p>\n\n\n\n
PUID=1100\nPGID=1100<\/code><\/pre>\n\n\n\nOr explicitly:<\/p>\n\n\n\n
user: 1100:1100<\/code><\/pre>\n\n\n\nImpact: If a container is compromised, it can only access what UID 1100 owns \u2014 not my personal files, not system files. This reduces blast radius significantly.<\/p>\n\n\n\n
Step 2 \u2013 Network Isolation<\/h2>\n\n\n\n
I defined a user-defined bridge:<\/p>\n\n\n\n
networks:\n media-net:\n driver: bridge<\/code><\/pre>\n\n\n\nAll containers run inside this network.<\/p>\n\n\n\n
This isolates them from Docker\u2019s default bridge and allows internal DNS resolution (e.g., curl http:\/\/sonarr:8989<\/code>).<\/p>\n\n\n\nImportant nuance:<\/p>\n\n\n\n
Containers on the same bridge can communicate freely.
This is acceptable for my homelab threat model.<\/p>\n\n\n\n
Full micro-segmentation would add complexity without significant security gain in this context.<\/p>\n\n\n\n
Step 3 \u2013 Enforcing No New Privileges<\/h2>\n\n\n\n
Every container includes:<\/p>\n\n\n\n
security_opt:\n - no-new-privileges:true<\/code><\/pre>\n\n\n\nWhat this does:<\/p>\n\n\n\n
\n- Prevents processes from gaining additional privileges<\/li>\n\n\n\n
- Blocks setuid-based privilege escalation<\/li>\n\n\n\n
- Stops privilege abuse inside the container<\/li>\n<\/ul>\n\n\n\n
This does not make container escape impossible. It limits in-container privilege escalation. It\u2019s a strong and low-cost control.<\/p>\n\n\n\n
Step 4 \u2013 Dropping Linux Capabilities<\/h2>\n\n\n\n
This was one of the biggest improvements. By default, Docker grants containers a reduced but still meaningful set of Linux capabilities. Even without --privileged<\/code>, containers can:<\/p>\n\n\n\n\n- Override file permission checks<\/li>\n\n\n\n
- Use raw sockets<\/li>\n\n\n\n
- Change file ownership<\/li>\n\n\n\n
- Bind to low ports<\/li>\n\n\n\n
- Modify certain kernel-level behaviors<\/li>\n<\/ul>\n\n\n\n
To reduce this attack surface, I explicitly dropped all capabilities:<\/p>\n\n\n\n
cap_drop:\n - ALL<\/code><\/pre>\n\n\n\nFor example:<\/p>\n\n\n\n
sonarr:\n image: ghcr.io\/linuxserver\/sonarr\n environment:\n - PUID=1100\n - PGID=1100\n security_opt:\n - no-new-privileges:true\n cap_drop:\n - ALL<\/code><\/pre>\n\n\n\nAfter redeploying, I verified:<\/p>\n\n\n\n
docker inspect sonarr --format '{{.HostConfig.CapDrop}}'\n[ALL]<\/code><\/pre>\n\n\n\nNow, even if an attacker gains root inside the container, kernel-level interaction is heavily restricted. This does not prevent container escape entirely \u2014 but it meaningfully reduces the attack surface.<\/p>\n\n\n\n
Step 5 \u2013 Resource Limits (DoS Protection)<\/h2>\n\n\n\n
Before hardening, containers had unlimited access to system resources. A compromised container could:<\/p>\n\n\n\n
\n- Exhaust RAM<\/li>\n\n\n\n
- Consume all CPU<\/li>\n\n\n\n
- Fork bomb the host<\/li>\n<\/ul>\n\n\n\n
To mitigate this, I added:<\/p>\n\n\n\n
mem_limit: 512m\ncpus: 1.0\npids_limit: 200<\/code><\/pre>\n\n\n\nFor heavier services like Jellyfin:<\/p>\n\n\n\n
mem_limit: 1g<\/code><\/pre>\n\n\n\nNow, even if compromised, a container cannot easily take down the host. This improves resilience more than most people realize.<\/p>\n\n\n\n
Step 6 \u2013 Read-Only Media Mounts<\/h2>\n\n\n\n
For Jellyfin:<\/p>\n\n\n\n
- \/mnt\/downloads\/data\/media:\/data\/media:ro<\/code><\/pre>\n\n\n\nIf Jellyfin is compromised:<\/p>\n\n\n\n
\n- Media cannot be modified<\/li>\n\n\n\n
- Files cannot be deleted<\/li>\n\n\n\n
- Ransomware-style attacks are prevented at the container level<\/li>\n<\/ul>\n\n\n\n
This is a simple but powerful control.<\/p>\n\n\n\n
Pentesting My Own Setup<\/h2>\n\n\n\n
After hardening, I tested it.<\/p>\n\n\n\n
1. External Scanning<\/h3>\n\n\n\n
Port scans using nmap fail from external networks as well as from other internal VLANs. Access is restricted by firewall policies at both the VLAN boundary and the Proxmox host level. This layered filtering is intentional and part of the overall segmentation strategy.<\/p>\n\n\n\n
2. Docker Daemon Exposure<\/h3>\n\n\n\n
Checked dockerd:<\/p>\n\n\n\n
\/usr\/bin\/dockerd -H fd:\/\/<\/code><\/pre>\n\n\n\nNo TCP listener.
No exposed Docker API.
Good.<\/p>\n\n\n\n
3. Inside Container Testing<\/h3>\n\n\n\n
From inside a container:<\/p>\n\n\n\n
\n- Verified mounts (no docker.sock exposed)<\/li>\n\n\n\n
- Verified no host filesystem mounted<\/li>\n\n\n\n
- Verified
\/sys<\/code> is read-only<\/li>\n\n\n\n- Verified cgroup v2 is read-only<\/li>\n<\/ul>\n\n\n\n
Attempting:<\/p>\n\n\n\n
touch \/etc\/testfile<\/code><\/pre>\n\n\n\nWorked \u2014 but only inside the container overlay filesystem. Not on the host. Important distinction: Container root \u2260 Host root.<\/p>\n\n\n\n
What This Does NOT Protect Against<\/h2>\n\n\n\n
Let\u2019s stay honest. This setup does not protect against:<\/p>\n\n\n\n
\n- Kernel vulnerabilities<\/li>\n\n\n\n
- Docker daemon zero-days<\/li>\n\n\n\n
- Malicious container images<\/li>\n\n\n\n
- Application-layer RCE<\/li>\n\n\n\n
- API key abuse between services<\/li>\n<\/ul>\n\n\n\n
It reduces impact. It does not eliminate risk. Security is layered, not absolute.<\/p>\n\n\n\n
Final State Summary<\/h2>\n\n\n\n
After hardening, the stack now has:<\/p>\n\n\n\n
\n- Dedicated non-root service account<\/li>\n\n\n\n
- Explicit UID\/GID mapping<\/li>\n\n\n\n
- Firewall-level isolation<\/li>\n\n\n\n
- No exposed Docker API<\/li>\n\n\n\n
- No docker.sock mounts<\/li>\n\n\n\n
- Dropped Linux capabilities<\/li>\n\n\n\n
- no-new-privileges enabled<\/li>\n\n\n\n
- Resource limits enforced<\/li>\n\n\n\n
- Read-only media mounts<\/li>\n\n\n\n
- Seccomp + AppArmor active (default Docker security options)<\/li>\n<\/ul>\n\n\n\n
If one *arr service is compromised:<\/p>\n\n\n\n
The attacker gains:<\/p>\n\n\n\n
\n- Container-level access<\/li>\n\n\n\n
- Limited internal network access<\/li>\n<\/ul>\n\n\n\n
They do NOT gain:<\/p>\n\n\n\n
\n- Host root<\/li>\n\n\n\n
- Docker daemon control<\/li>\n\n\n\n
- System-wide filesystem access<\/li>\n<\/ul>\n\n\n\n
That\u2019s a major improvement over the original state.<\/p>\n\n\n\n
Lessons Learned<\/h2>\n\n\n\n\n- Docker is not a security boundary.<\/li>\n\n\n\n
- UID mapping reduces blast radius.<\/li>\n\n\n\n
- Capabilities matter more than most people think.<\/li>\n\n\n\n
- Resource limits protect availability.<\/li>\n\n\n\n
- Network segmentation should match your threat model.<\/li>\n\n\n\n
- Hardening is iterative \u2014 not a one-time task.<\/li>\n<\/ol>\n\n\n\n
Originally, I built this stack for convenience. Now it\u2019s layered, validated, and intentionally designed. Not perfect. But significantly more resilient. And most importantly \u2014 I understand why.<\/p>\n","protected":false},"excerpt":{"rendered":"
After a busy PEN-100 training week, I finally had time to revisit something that\u2019s been bothering me in my homelab: My Docker media stack was functional \u2014 but not properly hardened. I run the typical *arr ecosystem: It worked perfectly. Security-wise? It needed work. This post walks through how I hardened it, validated the changes, […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[20,7],"tags":[],"class_list":["post-543","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-realworld"],"_links":{"self":[{"href":"https:\/\/hackingwithj.com\/index.php?rest_route=\/wp\/v2\/posts\/543","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackingwithj.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackingwithj.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackingwithj.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hackingwithj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=543"}],"version-history":[{"count":1,"href":"https:\/\/hackingwithj.com\/index.php?rest_route=\/wp\/v2\/posts\/543\/revisions"}],"predecessor-version":[{"id":544,"href":"https:\/\/hackingwithj.com\/index.php?rest_route=\/wp\/v2\/posts\/543\/revisions\/544"}],"wp:attachment":[{"href":"https:\/\/hackingwithj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=543"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackingwithj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=543"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackingwithj.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=543"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}