I would like to reduce the features of my Docker daemons used to run production containers in order to reduce their attack surface.
I want to:
- limit pulls from a single registry
- disallow
push - disallow
build - probably disallow many other features
This is probably about blocking some routes of the REST API of the daemon.
I've read this Docker documentation about reducing the daemon attack surface but it says nothing about disabling daemon features.
Is is possible? How can I do that?