This repository has been archived by the owner on Oct 14, 2020. It is now read-only.

Don't be Root #29

Closed
xcthulhu opened this issue Jul 6, 2014 · 2 comments · Fixed by #77

Comments

@xcthulhu
Contributor

xcthulhu commented Jul 6, 2014

It's really bad that the runner runs as root. It should probably just run as a set user, who doesn't have permission to do much at all other than write some stuff to /tmp, execute some executables and read some files.

@jhoffner
Member

We want to allow users to have access to the machine, for future capabilities that we are planning. @azhao12345 looked into this and found that the next version of Docker should tighten up security even further so that running as root shouldn't be an issue at all.

Andrew, can you please provide more details on how the next version will impact us?

@azhao12345
Contributor

The newer version of Docker should implement user namespaces, meaning that the root user in the container will have a different process uid on the host. Since the containers are destroyed on every run, any modification to the accessible files in the container shouldn't be an issue.
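The UID remapping described in the last comment is visible on Linux in `/proc/<pid>/uid_map`, where each line reads `inside outside length`. The following is an added example, not part of the thread or the project's code, that translates a container UID to its host UID and reports whether container root is still host root; the sample map contents and the 100000 base are constructed assumptions.

```python
"""Added example: interpret a Linux user-namespace uid_map."""
from typing import List, NamedTuple, Optional


class Extent(NamedTuple):
    inside: int   # first UID as seen inside the namespace
    outside: int  # UID it maps to in the parent (host) namespace
    length: int   # number of consecutive UIDs covered


def parse_uid_map(text: str) -> List[Extent]:
    """Parse /proc/<pid>/uid_map content: 'inside outside length' per line."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        extents.append(Extent(*map(int, fields)))
    return extents


def host_uid(extents: List[Extent], container_uid: int) -> Optional[int]:
    """Return the host UID behind container_uid, or None if it is unmapped."""
    for e in extents:
        if e.inside <= container_uid < e.inside + e.length:
            return e.outside + (container_uid - e.inside)
    return None


def container_root_is_host_root(extents: List[Extent]) -> bool:
    """True when UID 0 in the container is also UID 0 on the host."""
    return host_uid(extents, 0) == 0


# Constructed samples: the identity map of a process with no user namespace,
# and a remapped container whose UIDs start at host UID 100000 (assumed base).
NO_USERNS = "         0          0 4294967295\n"
REMAPPED = "         0     100000      65536\n"

if __name__ == "__main__":
    for name, sample in (("no userns", NO_USERNS), ("remapped", REMAPPED)):
        extents = parse_uid_map(sample)
        print(name, "root ->", host_uid(extents, 0),
              "| host root:", container_root_is_host_root(extents))
```

To check a live container, pass the contents of `/proc/<pid>/uid_map` for one of its processes, read from the host, to `parse_uid_map`.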
