by Cthulhu_ 2012 days ago
It does allow you to exit the boundaries of the application though, and e.g. extract the application's database.

That said, is it possible to disable superuser access entirely in a container? Can't log in as root if there is no root.

3 comments

Docker has a user namespacing feature which can be used to harden container images and also a newer way to run rootless altogether - https://docs.docker.com/engine/security/rootless/
If the application user has access to the database, it doesn't matter if you get access to root or not.