New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better documentation about if/when docker needs to be run as root #132
Comments
Hi, I understand how this could be confusing. Basically, If you don't launch the Hope that helps clarifying it! |
Looking back on this ticket after using docker a lot over the past couple of weeks, my position is that we should get rid of standalone mode entirely. The root/non-root confusion will be reduced as a nice side-effect. |
@cespare, 👍 |
It looks like we might need to deprecate standalone mode... I summarized the arguments for it in #364. Please weigh in if you have an opinion. |
By the way, if CONFIG_USER_NS is turned on, then it is possible for an unprivileged user on the host to have privileges to mount inside the container. Given that, is it possible that docker will support running as non-root in the future? Has this been discussed before? |
@pwaller I think you should reenter the Running the daemon as non-root would be a new feature request and separate from this documentation issue. I'll review the docs to make sure we always talk about starting the daemon with sudo and then I'll close this ticket. |
I've confirmed that the current docs always show Closing. |
Could this have label project/security added? |
BACKPORT: Fixes for --cgroup-parent slices to expand correctly
Playing around with docker following some of the things listed in the readme, I noticed that I often had to run commands as root or they wouldn't work. A common symptom is spouting a list of JSON config files that docker doesn't have permission to read. But at other times, I didn't need to run as root -- usually after starting the daemon mode. (This was confirmed by @shykes and other folks in IRC who mentioned that the readme directions are partly outdated and from a time when the daemon -- as root -- always had to be running.)
For instance, I believe that this little example about "starting a long-running worker process":
works correctly if the first
docker -d
command is run with sudo. But it wasn't always clear to me when it was and wasn't required, and why.It would be good to audit the use of
sudo
(or lack thereof) throughout the readme examples.The text was updated successfully, but these errors were encountered: