On 27 February 2016 at 12:15, Josh Berkus <[email protected]> wrote: > Folks, > > So I'm testing the new atomicapp tutorial documentation, and one thing I'm > running across as a major usability issue for Linux desktop developers is > that most of the commands require sudo, and create files which are owned and > editable only by root. Which means that I can't easily pull, fork and > modify Nulecule applications for my own use in my text editor of choice > (Atom, for example). > > Now, this isn't a problem if you're running in an atomic host VM, where > you're logged in as root. But supposedly one of the benefits of using > Fedora Workstation as your dev environment is not needing to run a VM. We > should be promoting it as the superior developer OS. > > Now, I know that the "docker group" approach which Docker takes has some > major security issues ... but if we're not going to support that, then we > need something else which is equally easy to use for developers on their own > laptops.
>From a personal experience perspective, I can also note that whatever additional security we think we're getting from the current defaults doesn't actually exist in practice: all the current default security settings mean is that I always invoke docker with full root privileges (via sudo). So, rather than a risk of potential escalation to root access on the host, we have *guaranteed* root access on the host (as otherwise I can't run docker commands at all). This may also be a case where it makes sense to have the default settings on Fedora Workstation diverge from those on Fedora Server and Fedora Atomic Host. Cheers, Nick. -- Nick Coghlan | [email protected] | Brisbane, Australia _______________________________________________ Container-tools mailing list [email protected] https://www.redhat.com/mailman/listinfo/container-tools
