On 02/29/2016 10:23 AM, Daniel J Walsh wrote:
From a personal experience perspective, I can also note that whatever
additional security we think we're getting from the current defaults
doesn't actually exist in practice: all the current default security
settings mean is that I always invoke docker with full root privileges
(via sudo).
The difference here is there is some logging that you executed sudo docker command, as opposed to no logging whatsoever.  And if you did not set up sudo without a password you at least would block some attack vectors where a process running in your userspace will not be able to run root commands.  With docker group any process running as your UID can become root with no logging.

Only able to execute some docker commands through sudo using sudo and some scripting is far more secure than setting up docker group.  If you want to set up docker group on your system it will work, but this is not something we should be encouraging any more than we should encourage people to set up sudo without a password.

In fact, using the docker group does not work with atomic.app.

I get what you're saying about system security. On the other hand, we need some way for developers to work in their chosen IDE/text editor/etc. for developing atomic apps if we expect them to use the platform at all. Right now, if I want a reasonable workflow for fork-and-edit for atomic.app, I need to be running Atom as root. That's not exactly a security improvement, and there's a bunch of steps to make it work.

--
Josh Berkus
Project Atomic
Red Hat OSAS

_______________________________________________
Container-tools mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/container-tools
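
An audit for the two configurations compared in the thread above (docker group membership and passwordless sudo), as an added example that is not part of the original messages. The function names and sample accounts are constructed for illustration; the files follow the standard group(5), passwd(5) and sudoers(5) layouts.

```shell
#!/bin/sh
# Added example (not from the thread). All sample data below is constructed.

# Accounts in the docker group: supplementary members from a group(5) file
# plus accounts whose primary GID is docker's in a passwd(5) file.
docker_group_members() {
    gid=$(awk -F: '$1 == "docker" { print $3 }' "$1")
    [ -n "$gid" ] || return 0
    {
        awk -F: '$1 == "docker" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | sort -u
}

# Active sudoers rules carrying the NOPASSWD tag. Commented-out lines are
# skipped; backslash-continued lines and "Defaults !authenticate" are not handled.
nopasswd_rules() {
    grep -hE '^[[:space:]]*[^#[:space:]].*NOPASSWD[[:space:]]*:' "$@" || :
}

# One finding per line: "docker-group <user>" or "nopasswd <rule>".
audit() {  # audit GROUP_FILE PASSWD_FILE SUDOERS_FILE...
    group_file=$1 passwd_file=$2; shift 2
    docker_group_members "$group_file" "$passwd_file" | sed 's/^/docker-group /'
    nopasswd_rules "$@" | sed 's/^/nopasswd /'
}

# Constructed sample files in the standard formats.
make_sample() {
    printf '%s\n' 'root:x:0:' 'wheel:x:10:alice' 'docker:x:978:alice,bob' > "$1/group"
    printf '%s\n' 'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1001::/home/bob:/bin/bash' \
        'ci:x:1002:978::/home/ci:/bin/sh' > "$1/passwd"
    printf '%s\n' '# %wheel ALL=(ALL) NOPASSWD: ALL' '%wheel ALL=(ALL) ALL' \
        'carol ALL=(root) NOPASSWD: /usr/bin/docker ps' > "$1/sudoers"
}

# Demo on the constructed files; on a real host, run as root:
#   audit /etc/group /etc/passwd /etc/sudoers /etc/sudoers.d/*
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit "$demo_dir/group" "$demo_dir/passwd" "$demo_dir/sudoers"
rm -rf "$demo_dir"
```

The `ci` account is reported even though it is absent from the docker line in the group file, because its primary GID is the docker group's.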