Good container pratices includes:
- Do one thing - avoid multi-service containers
- Dropping kernel capabilities, start with nothing, add what you need
- Dropping root - never have long running containers running as root
- Check your privilege level - avoid privileged containers
- Ensure tmpfile content ownership is properly restricted
What are good container practices used in your environment?
