currently webrtc-sfu runs as root inside the container.
This is no immediate security issue because there is still a privilege escalation vulnerability for escaping the docker containers necessary to cause any harm, but still more privileged than necessary.
We should rather execute it as a non-privileged user.
currently
webrtc-sfu
runs as root inside the container. This is no immediate security issue because there is still a privilege escalation vulnerability for escaping the docker containers necessary to cause any harm, but still more privileged than necessary.We should rather execute it as a non-privileged user.