
Re: Security implications of "runAsUser: type: RunAsAny"



It is, but you can't also run privileged containers on the same node and join host namespaces. So you can't use host pid, host ipc, or (I think) host network. Which is very limiting.

On Nov 16, 2015, at 7:38 PM, Philippe Lafoucrière <philippe lafoucriere tech-angels com> wrote:


On Tue, Oct 27, 2015 at 5:44 PM, Clayton Coleman <ccoleman redhat com> wrote:
Some of this will be improved once user namespaces land in Docker, but
until then being able to run as uid 0 (root) inside a container is
basically giving your users access to run as root on the host machine.

Was this supposed to land in the last 1.9?
I must say, these restrictions are a real pain when it comes to docker images like nginx...

Thanks
