by WesolyKubeczek 1047 days ago
> Why not have 1 daemon, rather than 1 daemon per container?

Having a daemon per container has this little advantage that if something manages to bring down one of the daemons, it won't bring down the whole shebang.

Also side-channel attacks.

E.g. if one user downloads a container, and then for another user it is already in the cache, this gives the other user information about the first user.

Isn't this pointless, since if the other user has access to Docker, they basically have root access to the machine?

I don't think users need to have root access to use Docker.

No, but unless they run in rootless mode, they can mount any directory and write on it as root.

They don't, but if you have given them access to Docker then it's just as if you had given them access to root.