Hacker News
by
mixologist
2621 days ago
If this is a CVE, what is Docker then? :)
Anyone with privileges to run a docker image is basically root on your host.
1 comments
imtringued
2621 days ago
This is why you should never add your user to the docker group. Just use `sudo docker` or put your docker commands in a script that can only be edited by root and execute the script via sudo with NOPASSWD.
ahachete
2621 days ago
Much better: replace Docker with https://podman.io/, which runs with user privileges, no root.
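An added example, not part of the thread: a shell audit for the two conditions imtringued's comment describes, namely who is in the docker group and whether a sudo wrapper script can be modified by anyone but root. The function names and the sample group data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit docker group membership and a sudo wrapper script.

# Print the members of the docker group from a group(5)-format file
# (default /etc/group, "-" for stdin). Every name listed can start
# containers and is therefore root-equivalent on the host.
docker_group_members() {
    awk -F: '$1 == "docker" && $4 != "" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print m[i]
    }' "${1:-/etc/group}"
}

# Succeed only if the path exists, is owned by uid $2 (default 0) and is
# not writable by group or other. Parses the numeric long listing.
owned_and_locked() {
    ls -ldn -- "$1" 2>/dev/null | awk -v uid="${2:-0}" '
        { ok = ($3 == uid && substr($1, 6, 1) != "w" && substr($1, 9, 1) != "w") }
        END { exit (ok ? 0 : 1) }'
}

# A NOPASSWD wrapper is only as safe as the file and the directory that
# holds it: a writable directory lets the script be replaced outright.
wrapper_is_safe() {
    owned_and_locked "$1" "${2:-0}" &&
        owned_and_locked "$(dirname -- "$1")" "${2:-0}"
}

# Constructed sample input (not from a real host).
sample_group='root:x:0:
docker:x:998:alice,bob
sudo:x:27:alice'

# Demo on the constructed data: lists alice and bob.
printf '%s\n' "$sample_group" | docker_group_members -
```

On a real host, call `docker_group_members` with no argument and `wrapper_is_safe` with the path named in the sudoers entry; the check covers the script and its immediate directory only, not every ancestor directory.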