by otabdeveloper4 1688 days ago
> I don't buy this at all. The container runtime probably needs root privileges, but individual containers rarely need privileged access. Moreover, in many (all?) cases we can use security policies to prevent root containers by default.

Ha, little do you know. It's common to bind-mount various system directories or UNIX sockets into the container. Also, does it matter when you're running a full OS inside the container anyways?

Hosting providers are a tiny slice of the pie; most Docker users are simple end-users looking to run random internet software. (E.g., Docker is the only way to install third-party software on LibreELEC, a simple media center OS for the living room TV.)

2 comments

> It's common to bind-mount various system directories or UNIX sockets into the container.

It’s not that common, in production systems anyway.

> Also, does it matter when you're running a full OS inside the container anyways?

Containers famously don’t include an operating system. They use the host’s kernel.

> Hosting providers are a tiny slice of the pie; most Docker users are simple end-users looking to run random internet software. (E.g., Docker is the only way to install third-party software on LibreELEC, a simple media center OS for the living room TV.)

I don’t believe this is true. I would wager that the overwhelming majority of containers are running in the cloud or in data centers.

> It's common to bind-mount various system directories or UNIX sockets into the container.

Sometimes I feel bad about our security posture and then I read stuff like this. Thanks.
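
An added example, not part of any comment in this thread: one way to check how common the bind mounts discussed above are on a given host, by auditing `docker inspect` JSON for bind-mounted UNIX sockets, system directories and privileged containers. The `SENSITIVE` path list and the sample records are assumptions constructed for the example.

```python
import json
from pathlib import PurePosixPath

# Host paths treated as sensitive: an assumption for this example, not a full policy.
SENSITIVE = ("/etc", "/proc", "/sys", "/dev", "/root", "/boot", "/run", "/var/run",
             "/var/lib/docker")

def risky_mounts(container):
    """Return (source, reason) pairs for risky bind mounts in one inspect record."""
    findings = []
    for m in container.get("Mounts", []):
        if m.get("Type") != "bind":  # named volumes and tmpfs are not host paths
            continue
        src = str(PurePosixPath(m.get("Source", "")))
        mode = "rw" if m.get("RW") else "ro"
        if src == "/":
            findings.append((src, f"host root filesystem ({mode})"))
        elif src.endswith(".sock"):
            # A read-only mount does not stop connect() on a socket.
            findings.append((src, f"UNIX socket ({mode})"))
        elif any(src == p or src.startswith(p + "/") for p in SENSITIVE):
            findings.append((src, f"system directory ({mode})"))
    return findings

def audit(inspect_json):
    """Map container name -> findings for the JSON text printed by `docker inspect`."""
    report = {}
    for c in json.loads(inspect_json):
        findings = risky_mounts(c)
        if c.get("HostConfig", {}).get("Privileged"):
            findings.append(("--privileged", "privileged container"))
        if findings:
            report[c.get("Name", "?").lstrip("/")] = findings
    return report

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = json.dumps([
    {"Name": "/ci-agent", "HostConfig": {"Privileged": False}, "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/web", "HostConfig": {"Privileged": False}, "Mounts": [
        {"Type": "volume", "Source": "/var/lib/docker/volumes/data/_data", "RW": True}]},
    {"Name": "/monitor", "HostConfig": {"Privileged": True}, "Mounts": [
        {"Type": "bind", "Source": "/proc", "RW": False}]},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for src, reason in findings:
            print(f"{name}: {src} -> {reason}")
```

On a real host, pass the output of `docker inspect $(docker ps -q)` to `audit()` in place of `SAMPLE`.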