What could docker do to make it easier to do this correctly?

[westurner]

What could docker do to make it easier to grant limited privileges to the docker socket(s) / API?

Are there existing issues in docker projects that should be prioritized to make this happen?

[pedrobaeza]

What this repository has to do with that?

[westurner]

You seem to have developed a solution that would be useful for upstream. As an expert who's spent time developing a solution, do you have any insight as to how docker could provide privilege-limited sockets without requiring a HAproxy instance to also keep upgraded?

[pedrobaeza]

Sorry, no

[westurner]

If docker were to provide a configuration option to create an additional socket(s) with a limited set(s) of API privileges, would this solution still be necessary?

[pedrobaeza]

I suppose not, but we should wait for that

[westurner]

Thanks for your time. Are you aware of any issues in any docker projects relevant to this concern?

[westurner]

I see these docs: https://docs.docker.com/v17.09/engine/security/https/

I'll spend some time looking through the open issues to see whether someone has requested a (socket_filename, [perms,]) feature.

[yajo]

After some recent reading and videos, I have become convinced that it's not just the socket: the whole security model under Docker is broken by design. Read here why podman is way more secure.

I think it makes more sense to invest time in this new collection of container tools that is becoming available nowadays.

Apart from that, yes, limited privileges in sockets would be a good thing, but I don't think they'll apply that since Docker already ships with RBAC plugin support (although none is shipped by default in the CE edition), so those regards are supposed to be delegated to external plugins instead.

[westurner]

• https://github.com/google/gvisor
• https://cloud.google.com/blog/products/gcp/open-sourcing-gvisor-a-sandboxed-container-runtime