Full featured containers run without privilege and Docker 1.0

Full featured containers run without privilege and Docker 1.0 Michael Neale 11/13/13 6:28 PM
Linked from an earlier blog post about container security issues - is this article http://s3hh.wordpress.com/2013/07/19/creating-and-using-containers-without-privilege/

It mentions that work is afoot in lxc to run full containers as non-root (with a demo and patchset).

Given the power of this feature - is there any alignment between production Docker (1 and up) and this feature? 
(and also if anyone knows about progress with lxc in this area, please do chime in!).

Cheers.



Re: [docker] Full featured containers run without privilege and Docker 1.0 Solomon Hykes 11/13/13 7:05 PM
Hi Michael, user namespaces are very promising but not currently considered safe enough for production. When they are, we will certainly use them in docker!
This is not a blocker for docker becoming production-ready. They are 2 independent developments.
--
@solomonstre
@docker
Re: [docker] Full featured containers run without privilege and Docker 1.0 Michael Neale 11/13/13 7:27 PM
thanks for the tip. 

yes I did get the impression it was pretty early days. I wonder if other solutions in the meantime will help with running "less trusted code" in containers (and building containers) - or is there hope(!) that namespaces will come along at some point and be the solution for this? 
Re: [docker] Full featured containers run without privilege and Docker 1.0 Michael Neale 11/18/13 1:33 AM
Hi Jérôme - the 
Interesting - I think for a suitable image - it can be made quite safe (specifying USER, for one) - my question is more about the build step - given running a build is running as root (installing packages in the container, and more) - how safe can that bit be made? (it isn't a large surface, but if you are building other people's Dockerfiles then it is still an attack surface - is it not?).

Some good things to read up on there - the last I saw was a blog that talked about namespaces primarily and future direction - is there more background reading on how people secure both the building and running of docker containers (that I have not been able to find!)?

I imagine there are services out there building user provided images and building user provided Dockerfiles - I wonder what people consider suitable in terms of security/isolation? (the answer probably isn't binary)
Re: [docker] Full featured containers run without privilege and Docker 1.0 Michael Neale 11/21/13 4:45 AM
Hi Jerome - are there any samples/docs on seccomp with lxc, all I can find so far is: 


which has a trivial "allow everything" whitelist (or so it is implied) - any pointers? 
Re: [docker] Full featured containers run without privilege and Docker 1.0 Michael Neale 11/27/13 9:16 PM
Hi Jérôme - so USER in the Dockerfile means that the RUN steps from that point run as that user? 

(i.e. nobody, in your example?)
Re: [docker] Full featured containers run without privilege and Docker 1.0 Brian Morearty 11/27/13 10:44 PM
> Hi Jérôme - so USER in the Dockerfile means that the RUN steps from that point run as that user?

That's right, Michael. 

Order matters for USER and RUN. The USER command only affects subsequent RUN commands.

But USER also affects all CMD and ENTRYPOINT commands, no matter where they appear in the Dockerfile.

Brian Morearty
Hands on with Docker. http://handsonwith.com/
Docker's training partner
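
The USER/RUN ordering discussed in this thread, as an added example that is not part of any poster's message and is not Docker's own code: a small Python checker that walks a Dockerfile, records which user each RUN step executes as, and lists the steps that still run as root. The sample Dockerfile is constructed, the function names are hypothetical, and the base image's default user is assumed to be root.

```python
# Added example: report the effective user of each RUN step in a Dockerfile.
# Assumption: the base image's default user is root unless base_user says otherwise.

SAMPLE = r"""FROM ubuntu:12.04
RUN apt-get update && \
    apt-get install -y curl
USER nobody
RUN id > /tmp/whoami
CMD ["sleep", "60"]
"""  # constructed Dockerfile, not taken from the thread

def logical_lines(text):
    """Yield (first_line_no, instruction), joining backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue  # skip blanks and comments between instructions
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf.strip()

def effective_users(text, base_user="root"):
    """Return ([(line_no, user, command) per RUN], user at container start)."""
    user, runs = base_user, []
    for no, instr in logical_lines(text):
        op, *rest = instr.split(None, 1)
        arg = rest[0].strip() if rest else ""
        if op.upper() == "FROM":
            user = base_user      # a new stage starts from the base image's user
        elif op.upper() == "USER":
            user = arg            # applies to every later RUN in this stage
        elif op.upper() == "RUN":
            runs.append((no, user, arg))
    return runs, user             # the last USER is what CMD/ENTRYPOINT start as

def root_run_steps(text):
    """RUN steps that execute as root (name or uid 0, optional :group)."""
    runs, _ = effective_users(text)
    return [(no, cmd) for no, user, cmd in runs
            if user.split(":")[0] in ("root", "0")]
```

Calling `root_run_steps(SAMPLE)` flags only the package installation on line 2, which is the part of the build that runs before `USER nobody` takes effect.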
