Disabling the Userland Proxy

Modify Docker startup parameters and add the --userland-proxy=false parameter to disable the userland proxy during startup to reduce the attack surface of the device. See the following example:

......
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd  --userland-proxy=false --icc=false -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
......

After modifying the parameters, run the following command to restart the service:

 systemctl restart docker