by k4ch0w
2560 days ago
Running without root is totally viable; it is in fact encouraged. Take a look at: https://docs.docker.com/engine/security/userns-remap/

I think the concern should be around what environment variables are required to run, what was in the base image, and what volumes are mounted between container/host and thus persisted through runs, and don't mount /var/run/docker.sock! You should assume the container can be breached and make it as hard as possible to break out.
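The checks named in the comment above can be run against `docker inspect` output; the following is an added example, not part of the original comment. The sample record is constructed, and the secret-name pattern and finding labels are assumptions of this sketch.

```python
import json
import re

# Constructed sample: trimmed `docker inspect <container>` output (not from a real host).
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/web",
  "Config": {
    "User": "",
    "Env": ["PATH=/usr/bin", "DB_PASSWORD=constructed-value", "LOG_LEVEL=info"]
  },
  "Mounts": [
    {"Type": "bind", "Source": "/var/run/docker.sock",
     "Destination": "/var/run/docker.sock", "RW": true},
    {"Type": "bind", "Source": "/srv/data", "Destination": "/data", "RW": true},
    {"Type": "bind", "Source": "/etc/web", "Destination": "/etc/web", "RW": false}
  ]
}]
""")

# Assumption: variable names matching this pattern are treated as likely secrets.
SECRET_NAME = re.compile(r"(PASS|SECRET|TOKEN|KEY|CREDENTIAL)", re.I)


def audit_container(c):
    """Return a list of (check, detail) findings for one inspect record."""
    findings = []
    cfg = c.get("Config", {})
    # Empty User: neither the image nor the run command set one, so the process is uid 0.
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append(("runs-as-root", f"User={user!r}"))
    for entry in cfg.get("Env") or []:
        name = entry.split("=", 1)[0]
        if SECRET_NAME.search(name):
            findings.append(("secret-in-env", name))  # report the name, never the value
    for m in c.get("Mounts") or []:
        src = m.get("Source", "")
        if src.endswith("docker.sock"):
            findings.append(("docker-socket-mounted", src))
        elif m.get("Type") == "bind" and m.get("RW"):
            findings.append(("writable-host-mount", f"{src} -> {m.get('Destination')}"))
    return findings


if __name__ == "__main__":
    for record in SAMPLE_INSPECT:
        print(record["Name"], audit_container(record))
```

With userns-remap enabled on the daemon, a `runs-as-root` finding refers to root inside the remapped namespace rather than host root, so weigh it against the daemon configuration.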