7.2.3 None Driver
A focused guide to None Driver, connecting core concepts with practical Docker and container operations.
The none network driver disables networking entirely for a container, providing only a loopback interface and no connectivity whatsoever to other containers, the host, or the external network, appropriate for workloads with genuinely no networking needs.
Using the None Driver
A container configured with --network none has no functional network interfaces beyond loopback.
docker run -d --network none myapp:1.0
docker exec $(docker ps -lq) ip addr
This shows only a loopback interface, with no other network connectivity available to this container at all.
What This Means in Practice
A container using this driver cannot reach the external internet, cannot communicate with other containers, and cannot be reached from the host through any networking mechanism, including port publishing.
docker run -d --network none -p 8080:80 nginx:alpine
curl http://localhost:8080
This fails to connect, since the none driver disables networking entirely, making port publishing meaningless in this context.
When This Driver Is Actually Appropriate
Workloads that perform purely local computation, with no need to read from or write to any network resource, are well suited to this driver — disabling networking entirely for such a workload also provides a meaningful security benefit, since there's no network attack surface at all.
docker run --rm --network none alpine sh -c "echo 'pure computation, no networking needed'"
Verifying No Networking Is Actually Available
Confirming a container using this driver genuinely has no network connectivity validates that the intended isolation is actually in effect.
docker exec myapp ping -c 1 8.8.8.8
This should fail entirely, confirming the absence of any network connectivity.
Why the None Driver Matters
For the specific, less common case of a workload with genuinely no networking requirements, the none driver provides the strongest possible network isolation available, eliminating network-based attack surface entirely for situations where it offers no benefit to the workload anyway.