|
|
|
|
|
|
by DannoHung
3769 days ago
|
|
|
Can you speak to the security implications of building the container as a remapped root and running as a user? My understanding is that the most important reason to have root in the container is to install software through the standard measures, but obviously, we don't want to have to run our build process for containers as root on the real host. Given the comparatively restricted behavior, is this a good practice or are there implications of using a remapped root during container build time that would linger on to run time? |
|
|
And I should have been clear that a remapped root that drops drops privileges and/or transitions into another user is still better than an unremapped root doing the same. It's just that the remapping is not a panacea.