Disabling the Userland Proxy
To reduce the attack surface of the device, add the --userland-proxy=false parameter to the Docker startup parameters so that the userland proxy is disabled when Docker starts. The following is an example:
    ...
    [Service]
    Type=notify
    # the default is not to use systemd for cgroups because the delegate issues still
    # exists and systemd currently does not support the cgroup feature set required
    # for containers run by docker
    ExecStart=/usr/bin/dockerd --userland-proxy=false --icc=false -H fd:// --containerd=/run/containerd/containerd.sock
    ExecReload=/bin/kill -s HUP $MAINPID
    TimeoutSec=0
    RestartSec=2
    Restart=always
    ...
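A systemd drop-in that resets ExecStart can silently undo the setting above, so it is worth auditing the effective command line and not only the main unit file. The following check is an added example, not part of the original page or of Docker's tooling. The function names and sample files are hypothetical and constructed, and the parsing is a simplified model of how systemd reads unit files.

```shell
# Added example: audit dockerd's systemd configuration for --userland-proxy=false.

# effective_execstart FILE...
# Print the ExecStart value left after reading the unit file and its drop-ins
# in order. Simplified model: comment lines are skipped, backslash
# continuations are joined, and a later assignment (including the empty
# "ExecStart=" reset used in drop-ins) replaces an earlier one.
effective_execstart() {
    cat "$@" | awk '
        { sub(/\r$/, "") }
        /^[ \t]*[#;]/ { next }
        {
            if (joining) $0 = held " " $0
            joining = 0
            if ($0 ~ /\\$/) { sub(/\\$/, ""); held = $0; joining = 1; next }
            if ($0 ~ /^[ \t]*ExecStart[ \t]*=/) {
                sub(/^[ \t]*ExecStart[ \t]*=[ \t]*/, "")
                cmd = $0
            }
        }
        END { print cmd }'
}

# userland_proxy_disabled FILE...
# Exit 0 only when the effective command line sets --userland-proxy=false and
# no later argument turns it back on. Only the exact form shown on the page is
# accepted. The subshell body keeps "set -f" (no globbing) local.
userland_proxy_disabled() (
    set -f
    state=unset
    for arg in $(effective_execstart "$@"); do
        case $arg in
            --userland-proxy=false) state=false ;;
            --userland-proxy|--userland-proxy=*) state=true ;;
        esac
    done
    [ "$state" = false ]
)

# write_sample_units DIR: constructed sample files, not taken from a real host.
write_sample_units() {
    printf '%s\n' '[Service]' 'Type=notify' \
        '# ExecStart=/usr/bin/dockerd --userland-proxy=true' \
        'ExecStart=/usr/bin/dockerd --userland-proxy=false --icc=false \' \
        '    -H fd:// --containerd=/run/containerd/containerd.sock' \
        > "$1/docker.service"
    printf '%s\n' '[Service]' 'ExecStart=' \
        'ExecStart=/usr/bin/dockerd -H fd://' > "$1/override.conf"
}
```

Pass the main unit file first and any drop-ins after it, in the order systemd applies them. With the constructed samples, the main unit alone passes and the unit plus override.conf fails.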