is this chroot or root, because, in my experience, don't you NOT want apps running as root? I suppose with containers having sub-level access it would be a difficult decision to choose which was more secure, giving docker full access to everything, or it not having control. It's a shame that its such a difficult place to change it, or that you can't select it at install.
Docker itself requires root privileges to place processes in different namespaces, manipulate their control groups etc.
However, you can very easily drop the privileges of the application running inside each container, with "docker run -u <USER>". This is definitely recommended for several use cases, for example running untrusted code on shared hardware.
crashoverdrive|12 years ago
shykes|12 years ago
However, you can very easily drop the privileges of the application running inside each container, with "docker run -u <USER>". This is definitely recommended for several use cases, for example running untrusted code on shared hardware.