Open JohannesGaessler opened 4 years ago
I'm not sure if this is a problem, as the user cannot specify docker arguments and thus cannot force the container to run as the root user.
So this is bad:
docker run -v /root:/forbidden ubuntu bash -c "id; touch /forbidden/thing; ls /forbidden"
uid=0(root) gid=0(root) groups=0(root)
thing
But this is fine:
docker run --user "$(id -u):$(id -g)" -v /root:/forbidden ubuntu bash -c "id; touch /forbidden/thing; ls /forbidden"
uid=1000 gid=1000 groups=1000
touch: cannot touch '/forbidden/thing': Permission denied
ls: cannot open directory '/forbidden': Permission denied
And I believe the process is also running as that user from the host's perspective. I'm not sure, though, what happens if the container has sudo installed, i.e. whether the process will become owned by root on the host if the user does sudo on the inside.
Mount points are currently insecure because there are no restrictions on what users can mount in their container. Mount points should be restricted to the user's home directory and a whitelist provided by the server.
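One way a server could enforce the restriction described above, as an added example that is not code from the issue or the project it concerns: resolve the requested mount source with GNU `realpath -m` (assumed available), accept it only if it lies under the caller's home directory or a server-controlled allowlist (`ALLOWED_MOUNTS`, an assumed variable with constructed paths), and always build the `docker run` arguments with `--user` plus `--security-opt no-new-privileges`, which stops setuid binaries such as sudo from regaining root inside the container.

```shell
#!/bin/sh
# Added example (not from the issue or project). Validates a bind-mount source
# against the caller's home directory and a server-side allowlist, resolving
# symlinks first so "$HOME/link -> /root" cannot slip through, then builds the
# docker run arguments with the caller's uid:gid. Assumes GNU realpath -m.

# Colon-separated allowlist controlled by the server operator (constructed).
ALLOWED_MOUNTS="${ALLOWED_MOUNTS:-/srv/shared:/data/public}"

# path_under PATH BASE -> 0 if PATH equals BASE or is inside it.
path_under() {
  case "$1" in
    "$2"|"$2"/*) return 0 ;;
    *) return 1 ;;
  esac
}

# mount_allowed SRC HOME -> 0 if SRC may be bind-mounted, 1 otherwise.
# Both sides are canonicalised, so "..", symlinks and trailing slashes
# cannot be used to escape HOME or the allowlist.
mount_allowed() {
  src=$(realpath -m -- "$1" 2>/dev/null) || return 1
  home=$(realpath -m -- "$2" 2>/dev/null) || return 1
  path_under "$src" "$home" && return 0
  old_ifs=$IFS; IFS=:
  for allowed in $ALLOWED_MOUNTS; do
    if path_under "$src" "$allowed"; then IFS=$old_ifs; return 0; fi
  done
  IFS=$old_ifs
  return 1
}

# build_run_args SRC DST HOME UID GID -> prints one docker argument per line.
# --user makes files created on the mount owned by the caller (as in the
# issue's second command); no-new-privileges blocks setuid escalation (sudo).
build_run_args() {
  src=$1; dst=$2; home=$3; uid=$4; gid=$5
  mount_allowed "$src" "$home" || return 1
  printf '%s\n' "--user" "$uid:$gid" \
    "--security-opt" "no-new-privileges" \
    "-v" "$(realpath -m -- "$src"):$dst"
}
```

Usage inside the server would be something like `docker run $(build_run_args "$src" /work "$HOME" "$(id -u)" "$(id -g)") ubuntu bash`, rejecting the request when the function returns non-zero.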