@x_cli One question about the proper use of containers (*not* VM, only containers). Is it reasonable to give root access in a container to someone who is not root on the host? I always thought the answer was No and this is how I manage containers. The report mention "public cloud service". Are there services where tenants have root access to a container?

@Keltounet @x_cli ? I don't see the relationship. Let me ask again: are there *services* (not software) where *tenants* (not the company managing the service) have root access to a container?

@bortzmeyer @Keltounet @x_cli

The answer is here:

electricmonk.nl/log/2017/09/30

"A common practice is to add users that need to run Docker containers on your host to the docker group. [...] What is not obvious right away is that this is basically the same as giving those users root access. You see, the Docker daemon runs as root and when you add users to the docker group, they get full access over the Docker daemon."

Follow

@bortzmeyer

Unless I did not understand your question at all. In which case, please accept all my apologies.

@Keltounet @x_cli

Sign in to participate in the conversation
Mastodon @ SDF

"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko