No complicated file modifications or terminal configuration.

Why care about a non-privileged user inside a container?

There is an argument to make that using a non-root user inside a Docker container is not required. Docker documents the limited functionality of the root user (by which I mean uid=0) inside a container. "root" within a container has far fewer privileges than the real "root". By default Docker drops all capabilities except those needed, an allowlist instead of a denylist approach. This doesn't affect regular web apps, but reduces the vectors of attack by malicious users considerably. The argument in favor of just using root inside the container - which is the default - is that user uid=0 is already pretty limited inside the container. Only by misconfiguring the kernel capabilities granted to the container can you cause a security issue when running as root inside the container.
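To check whether a container's capabilities have been misconfigured in the sense described above, here is an added example (not code from the original post): a Python check that decodes the CapEff mask from /proc/<pid>/status and compares it with Docker's default capability allowlist. The function names and the sample status text are constructed for this example.

```python
import re

# Linux capability names indexed by bit number (include/uapi/linux/capability.h).
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE""".split()

# Docker's default allowlist for a container started without --cap-add or --privileged.
DOCKER_DEFAULT = {"CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID",
                  "SETUID", "SETPCAP", "NET_BIND_SERVICE", "NET_RAW", "SYS_CHROOT",
                  "MKNOD", "AUDIT_WRITE", "SETFCAP"}

def decode_caps(mask):
    """Turn a capability bitmask into a set of names; unknown bits keep their number."""
    return {CAP_NAMES[b] if b < len(CAP_NAMES) else f"CAP_{b}"
            for b in range(mask.bit_length()) if mask >> b & 1}

def effective_caps(status_text):
    """Extract and decode the CapEff line from the text of /proc/<pid>/status."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if not m:
        raise ValueError("no CapEff line found")
    return decode_caps(int(m.group(1), 16))

def audit(status_text):
    """Report capabilities granted beyond, or dropped from, Docker's default set."""
    caps = effective_caps(status_text)
    return {"extra": sorted(caps - DOCKER_DEFAULT),
            "dropped": sorted(DOCKER_DEFAULT - caps)}

# Constructed samples: uid=0 with the default mask, and the same mask plus SYS_ADMIN.
SAMPLE_DEFAULT = "Uid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\n"
SAMPLE_CAP_ADD = "Uid:\t0\t0\t0\t0\nCapEff:\t00000000a82425fb\n"

if __name__ == "__main__":
    try:  # inside a container this reads the real mask of the current process
        with open("/proc/self/status") as f:
            text = f.read()
    except OSError:
        text = SAMPLE_CAP_ADD
    print(audit(text))
```

Run inside the container as the user the workload runs as; a non-empty "extra" list means uid=0 there holds more than the default allowlist.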