[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security implications of "runAsUser: type: RunAsAny"



Yes, you can do that

On Nov 16, 2015, at 10:55 PM, Jason DeTiberus <jdetiber redhat com> wrote:


On Nov 16, 2015 10:49 PM, "Clayton Coleman" <ccoleman redhat com> wrote:
>
> Yes - but if you enable the experimental user namespaces feature in docker 1.9, you won't be able to run routers or admin level pods on nodes.  Until we get fixes into a Docker it's somewhat limiting.

Is this something that can be worked around by using "infra" nodes to host the routers and admin level pods with user namespaces disabled and enabling user namespaces elsewhere?

>
> On Nov 16, 2015, at 8:57 PM, Philippe Lafoucrière <philippe lafoucriere tech-angels com> wrote:
>
>> Hmm, I'm not talking about "privileged" containers (in the docker way), I just want to run standard containers that users can find on the docker hub, like "nginx". It doesn't have to run privileged, it's just running as root inside.
>> As this image does as well:
>> https://github.com/nginxinc/openshift-nginx
>> It needs to run as root to bind the port 80 (but not only).
>>
>> Thanks
>> ​
>
>
> _______________________________________________
> users mailing list
> users lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]