|
|
|
|
|
|
by zaarn
2089 days ago
|
|
|
They run as root per default. Simply using the "USER <uid/uname>" directory means you run as non-root user with a specified UID. Kubernetes recommends doing that as a baseline security measure. You can also drop caps from a container so even if you are root inside, you can't do a lot of things root can. |
|
|