On 02/27/2016 01:47 AM, Nick Coghlan wrote:
> On 27 February 2016 at 12:15, Josh Berkus <[email protected]> wrote:
> > Folks,
> > So I'm testing the new atomicapp tutorial documentation, and one thing I'm
> > running across as a major usability issue for Linux desktop developers is
> > that most of the commands require sudo, and create files which are owned and
> > editable only by root. Which means that I can't easily pull, fork and
> > modify Nulecule applications for my own use in my text editor of choice
> > (Atom, for example).
> > Now, this isn't a problem if you're running in an atomic host VM, where
> > you're logged in as root. But supposedly one of the benefits of using
> > Fedora Workstation as your dev environment is not needing to run a VM. We
> > should be promoting it as the superior developer OS.
> > Now, I know that the "docker group" approach which Docker takes has some
> > major security issues ... but if we're not going to support that, then we
> > need something else which is equally easy to use for developers on their own
> > laptops.
> From a personal experience perspective, I can also note that whatever
> additional security we think we're getting from the current defaults
> doesn't actually exist in practice: all the current default security
> settings mean is that I always invoke docker with full root privileges
> (via sudo).
The difference here is there is some logging that you executed a sudo docker command, as opposed to no logging whatsoever. And if you did not set up sudo without a password, you at least would block some attack vectors, where a process running in your userspace will not be able to run root commands. With the docker group, any process running as your UID can become root with no logging.

Only being able to execute some docker commands through sudo, using sudo and some scripting, is far more secure than setting up the docker group. If you want to set up the docker group on your system it will work, but this is not something we should be encouraging any more than we should encourage people to set up sudo without a password.
> So, rather than a risk of potential escalation to root access on the
> host, we have *guaranteed* root access on the host (as otherwise I
> can't run docker commands at all).
> This may also be a case where it makes sense to have the default
> settings on Fedora Workstation diverge from those on Fedora Server and
> Fedora Atomic Host.
> Cheers,
> Nick.
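A sketch of the "some docker commands through sudo and some scripting" approach mentioned in the reply above, added here as an example that is not from this thread, from Fedora, or from any Docker package; the script name, install path, `%developers` group and `/usr/bin/docker` location are assumptions.

```shell
#!/bin/sh
# docker-restricted: hypothetical sudo wrapper that exposes only an allowlist
# of docker subcommands to non-root developers and logs each invocation.
# Install as /usr/local/bin/docker-restricted (root-owned, mode 0755) and
# grant it with a sudoers rule such as:
#   %developers ALL=(root) /usr/local/bin/docker-restricted
# Developers then run e.g.: sudo docker-restricted ps
# (all names and paths here are assumptions for illustration)

# Subcommands that only read daemon state or fetch images. run, exec, cp
# and friends are deliberately absent: with bind mounts, --privileged or
# --pid=host they are equivalent to a root shell on the host.
ALLOWED="ps images logs inspect pull version info"

# Return 0 if "$1" is a bare word on the allowlist, 1 otherwise.
# A leading '-' (a daemon-level option such as -H) is never allowed.
subcommand_allowed() {
    sub=$1
    case "$sub" in
        ''|-*) return 1 ;;
    esac
    for word in $ALLOWED; do
        [ "$word" = "$sub" ] && return 0
    done
    return 1
}

# Record who asked for what in syslog, whether or not it was permitted.
audit_log() {
    logger -t docker-restricted "user=${SUDO_USER:-$USER} verdict=$1 args=$2"
}

# Validate and dispatch. Returns 77 (EX_NOPERM) on a rejected subcommand.
main() {
    if subcommand_allowed "$1"; then
        audit_log allowed "$*"
        exec /usr/bin/docker "$@"
    fi
    audit_log denied "$*"
    echo "docker-restricted: subcommand '$1' is not permitted" >&2
    return 77
}

# Only dispatch when invoked with arguments, so the functions can be
# sourced or tested without touching the docker daemon.
if [ "$#" -gt 0 ]; then
    main "$@"
    exit $?
fi
```

Every call, allowed or denied, lands in syslog tagged with the invoking user, which is exactly the audit trail the docker group approach lacks.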
_______________________________________________
Container-tools mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/container-tools