This blog post explains how to generate SECCOMP profiles for containers. This is possible using podman and eBPF filters. Custom SECCOMP profiles allow you to limit the container to exactly those syscalls it needs.
Play with Docker is a Docker playground which allows users to run Docker commands in a matter of seconds. It gives the experience of having a free Alpine Linux virtual machine in the browser, where you can build and run Docker containers and even create clusters in Docker Swarm Mode. Under the hood, Docker-in-Docker (DinD) is used to give the effect of multiple VMs/PCs. In addition to the playground, PWD also includes a training site composed of a large set of Docker labs and quizzes from beginner to advanced level, available at training.play-with-docker.com.
Sometimes it is necessary to run Docker containers for a different CPU architecture.
This Docker container makes it possible to run other Docker containers built for a different architecture. It works by using binfmt_misc, a Linux kernel feature for running files through a registered interpreter, and installs qemu binaries for the different architectures.
The website lists Docker containers from Docker Hub with known vulnerabilities in them. The top 1000 Docker containers from Docker Hub are regularly scanned with Trivy and the results are reported there.
A similar tool to scan for vulnerable containers is Clair scanner.