by naikrovek 1363 days ago
It's not about security or sanity, it's because people run containers whose UIDs do not match the host system, and they write to the host system by mounting volumes for the container to use.

The result is root or another user inside the container can write root-owned files because they have the same UID as root on the container host.

My employer runs an orchestrator and destroys each runner VM after a single job, so this only bites the user who causes it, and not anyone else.
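The mechanism the comment describes is the kernel's UID mapping: without a user namespace, `/proc/<pid>/uid_map` is the identity line `0 0 4294967295`, so UID 0 inside the container is UID 0 on the host, and anything it writes into a bind-mounted volume lands on the host as root-owned. The following is an added example (not code from the thread or from any orchestrator mentioned in it) that parses a `uid_map`, translates a container UID to the host UID it really is, and audits a bind-mounted directory for files not owned by the expected runner user, which is the check a CI operator would run after a job. The `REMAPPED_UID_MAP` string is a constructed sample of the layout a user-namespace remap typically produces; `audit_demo()` builds a scratch tree under a temporary directory rather than touching a real volume.

```python
"""Added example: UID-map translation and bind-mount ownership audit."""
import os
import tempfile
from typing import List, Optional, Tuple

# Each uid_map line is "<inside_start> <outside_start> <count>".
UidMap = List[Tuple[int, int, int]]

# What /proc/self/uid_map shows for a process with no user namespace:
# every container UID is the same UID on the host.
DEFAULT_UID_MAP = "         0          0 4294967295\n"

# Constructed sample of a user-namespace remap: container UIDs 0..65535
# become host UIDs 100000..165535, so container root is an unprivileged
# host user.
REMAPPED_UID_MAP = "         0     100000      65536\n"


def parse_uid_map(text: str) -> UidMap:
    """Parse uid_map contents into (inside, outside, count) triples."""
    entries: UidMap = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, count = (int(p) for p in parts)
        if count <= 0:
            raise ValueError(f"non-positive count in uid_map line: {line!r}")
        entries.append((inside, outside, count))
    return entries


def container_uid_to_host(uid: int, uid_map: UidMap) -> Optional[int]:
    """Translate a UID seen inside the container to the host UID it is.

    Returns None when the UID falls outside every mapped range; the kernel
    then presents it as the overflow UID (nobody, 65534) on the host.
    """
    for inside, outside, count in uid_map:
        if inside <= uid < inside + count:
            return outside + (uid - inside)
    return None


def is_identity_mapped(uid_map: UidMap) -> bool:
    """True when container root is host root (no remapping in effect)."""
    return container_uid_to_host(0, uid_map) == 0


def read_own_uid_map() -> UidMap:
    """Read this process's uid_map; fall back to the identity map if /proc
    is unavailable (e.g. on a non-Linux host)."""
    try:
        with open("/proc/self/uid_map", encoding="ascii") as fh:
            return parse_uid_map(fh.read())
    except OSError:
        return parse_uid_map(DEFAULT_UID_MAP)


def find_foreign_owned(root: str, expected_uid: int) -> List[str]:
    """Walk a bind-mounted tree and list entries not owned by expected_uid.

    lstat is used so symlinks pointing outside the tree are not followed.
    """
    foreign: List[str] = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.lstat(path).st_uid != expected_uid:
                foreign.append(path)
    return sorted(foreign)


def audit_demo() -> Tuple[int, int]:
    """Build a scratch volume and audit it twice: once against the real
    owner UID (expect 0 hits) and once against a different UID (expect
    every entry flagged). Returns (hits_for_owner, hits_for_other)."""
    with tempfile.TemporaryDirectory() as tmp:
        work = os.path.join(tmp, "work")
        os.makedirs(os.path.join(work, "build"))
        with open(os.path.join(work, "build", "out.bin"), "wb") as fh:
            fh.write(b"artifact")
        me = os.getuid()
        return (
            len(find_foreign_owned(work, me)),
            len(find_foreign_owned(work, me + 1)),
        )


if __name__ == "__main__":
    own = read_own_uid_map()
    print("identity-mapped:", is_identity_mapped(own))
    print("container uid 0 under remap ->",
          container_uid_to_host(0, parse_uid_map(REMAPPED_UID_MAP)))
    print("audit (owner hits, other hits):", audit_demo())
```

Run inside a container to see whether its root is really host root; the same `find_foreign_owned` check, run on the host over a runner's workspace with the runner account's UID, flags exactly the root-owned leftovers the comment describes.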