Docker contaniners share the kernel wth the machine they are running on.
If any of the containers starts using up more resources like CPU, RAM the other containers might run ino /do/s issue.
The attack can break out from a container into the host machine or other containers.
Make sure that the images coming from dockerhub are from trusted sources.
You should be careful with what secrets you store in your containers.
You can use the commands:
docker network disconnect nh
nh is the name of the container. This will disconnect your containers from the network and they will be inaccessible.
Docker diff will show you which files have been modified.
If you do not want external invalid/destructive files to modify your containersthen you can make your containers read-only
Specify –read-only option while running your container.