Open prihoda opened 4 years ago
Thank you, David!
This is a very good suggestion, I will check automatically and run sudo docker
or just docker
depending on whether the user has set up his/her system.
PS: I read about security concerns when it comes to running Docker without sudo... Do you have an opinion?
PS: I read about security concerns when it comes to running Docker without sudo... Do you have an opinion?
I know about the risk of getting root access through Docker (just on Linux machines, not on Windows or OSX), but that will depend on user setup. If the user is added to the docker
group, it enables running without sudo
, but also makes root privilege escalation possible. But then, using or not using sudo
itself does not change this fact. If the user is member of the docker
group, the privilege escalation is possible both with or without sudo
.
I fully agree, the choice of allowing docker to run without sudo would be the user's responsibility. I am a little swamped at the moment (we are submitting a paper to publish the method). If you are interested in writing a few lines, do let me know: other users are writing features, we are not jealous about code ownership! Otherwise, no problem we will try to implement it soon.
In case someone else stumbles into this problem:
I was able to run MONET without root privileges (but with rootless Docker set up on the Linux Ubuntu server) by manually editing the ~/.monet/monet
script, removing sudo
from the lines where it is prepended to the docker
command:
Line 404: sudo docker build -t $docker_reference "$install_dir"/containers/"$method"/docker \
Line 409: sudo docker rm "$method"-container > /tmp/docker_rm_output 2>&1
Line 412: sudo docker run --name "$method"-container \
Some users actually don't have root (
sudo
) access and they can still use Docker. You could provide an option not to use sudo or figure it out automatically somehow (e.g. by checking if you can run docker without it first).