Hi, On Thu, 19-May-2016 10:12, Daniel J Walsh wrote: > User namespace as you would expect it to work. (Container Isolation) does > not work yet. User Namespace can be used with docker-1.10, but only for > protecting the host from the container. All containers would run with the > same "DockerRoot".
So one thing which always surprised me, is that Docker seems to recommend in its best practices to actually do change the USER - https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/ Hence, so many images on DockerHub follow this principle and each and every one won't run out of the box on OpenShift. Is it really so wrong? And if it is, why does Docker not change its recommendation? --Hardy
signature.asc
Description: PGP signature
_______________________________________________ Container-tools mailing list [email protected] https://www.redhat.com/mailman/listinfo/container-tools
