by seodisparate 1518 days ago
[1] discusses firejail running as root:

> For a server, the process exposed to the outside world runs as an unprivileged user (unbound or nobody). The process is started by a separate process running as root (as explained by @Ferroin above). The starting process is never exposed to outside.

> The same is true for Firejail. By the time the unprivileged server process starts, Firejail is already sleeping.

And I think Docker has a similar problem as mentioned in the "warning" section in [2]:

> Warning: Anyone added to the docker group is root equivalent because they can use the docker run --privileged command to start containers with root privileges. For more information see [3] and [4].

[1]: https://github.com/netblue30/firejail/issues/1720

[2]: https://wiki.archlinux.org/title/Docker#Installation
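Added example, not part of the original comment: a small audit script for the Docker warning quoted above. It lists every account that ends up in the docker group, including accounts that have it only as their primary GID and therefore never appear in the group's member list. The function names (group_members, write_sample) and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: enumerate accounts that belong to a group (default: docker).
# Reads group/passwd-format files so it can run offline against copies;
# accounts served by LDAP/SSSD are not in the local files and are not seen.

# group_members GROUP_FILE PASSWD_FILE [GROUP_NAME]
group_members() {
    awk -F: -v g="${3:-docker}" '
        FILENAME == ARGV[1] {            # first file: group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")    # supplementary members
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # passwd: primary GID match
    ' "$1" "$2" | sort -u
}

# write_sample DIR: constructed sample data, not taken from any real host.
write_sample() {
    cat > "$1/group" <<'EOF'
root:x:0:
wheel:x:10:alice
docker:x:969:alice,bob
users:x:100:
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:100::/home/alice:/bin/bash
bob:x:1001:100::/home/bob:/bin/bash
ci:x:1002:969::/home/ci:/bin/sh
carol:x:1003:100::/home/carol:/bin/bash
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
echo "accounts in the docker group (root equivalent per the warning):"
group_members "$tmp/group" "$tmp/passwd"
rm -rf "$tmp"
```

On a real host, call group_members /etc/group /etc/passwd and review each name as you would a sudoers entry.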

1 comments

Actually docker is much worse due to the large attack surface.