Hacker News
by _cenw 1158 days ago
I had a look at it and it seemed interesting, but then I spotted the `-v /var/run/docker.sock:/var/run/docker.sock`.

In case anyone's wondering, that gives the container root-level access to the host's Docker daemon. A big potential security hole.
It's also just generally wrong to build a scheduler on top of the docker API. We have CRI for a reason, because everyone knows Docker is not going to be around forever. Certainly not the company. Maybe dockerd.