gcb0 | 5 years ago

> It might not be obvious, but the app will have access to all your other open windows.

Fun fact, most docker hosts will allow access to all your files anyway! (especially true on docker for mac, which all the cool kids(tm) here are using). Even if you restrict container host-FS access to a source repo dir, mind rogue code changing your .git hook scripts in there or you might run code outside of the container when committing ;)

Another slightly relevant fun fact, USB is a bus. That means that any device can listen in on any other device. And USB access is given by default to some X-enabled docker (--tty something), and to most virtualbox machines (including the hidden one running the fake docker linux host on docker-for-mac), and more recently Google-Chrome. ;)
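
An added example, not part of the comment above: a way to notice the .git hook tampering it warns about, by snapshotting the active hooks of a bind-mounted repo before a container run and diffing afterwards. The function names and the temporary repo built in `demo()` are constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def snapshot_hooks(repo: Path) -> dict:
    """Map each active hook file (not *.sample) to (sha256, is_executable)."""
    hooks_dir = repo / ".git" / "hooks"
    snap = {}
    if not hooks_dir.is_dir():
        return snap
    for entry in sorted(hooks_dir.iterdir()):
        if entry.name.endswith(".sample") or not entry.is_file():
            continue
        digest = hashlib.sha256(entry.read_bytes()).hexdigest()
        executable = bool(entry.stat().st_mode & stat.S_IXUSR)
        snap[entry.name] = (digest, executable)
    return snap


def diff_hooks(before: dict, after: dict) -> dict:
    """Return hooks that were added, removed or modified between snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(n for n in set(before) & set(after) if before[n] != after[n]),
    }


def demo() -> dict:
    """Constructed repo: stand-in for a container writing into the mount."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        hooks = repo / ".git" / "hooks"
        hooks.mkdir(parents=True)
        (hooks / "pre-commit.sample").write_text("#!/bin/sh\n")
        (hooks / "pre-push").write_text("#!/bin/sh\nexit 0\n")
        before = snapshot_hooks(repo)
        # Simulated writes made while the repo dir was shared (constructed).
        hook = hooks / "pre-commit"
        hook.write_text("#!/bin/sh\necho constructed-sample\n")
        hook.chmod(0o755)
        (hooks / "pre-push").write_text("#!/bin/sh\necho changed\n")
        return diff_hooks(before, snapshot_hooks(repo))


if __name__ == "__main__":
    print(demo())
```

This covers only the default `.git/hooks` directory; `core.hooksPath` in `.git/config` can point Git at a different hook directory, so that file deserves the same before/after comparison.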

zapita | 5 years ago

> and to most virtualbox machines (including the hidden one running the fake docker linux host on docker-for-mac)

docker-for-mac does not use virtualbox.

t-writescode | 5 years ago

Docker For Mac does use a virtual machine to run the Docker machine, though. It's complicated to access the automatically generated mount point on Docker's mac when you create a virtual folder but don't bind it anywhere.