Currently, both FreeCC and the upstream PWD use the regular Docker-in-Docker technique. The PWC/PWD server runs in the outer Docker container and listens for incoming requests. When a request arrives, the outer container creates an inner container, which is the sandbox on the training website.
This raises potential security issues. Both containers run in root mode and can access the host server directly. They work like siblings. On the host, users can see all the Docker containers. PWD implements additional security enhancements, but these are a paid service and not open source. So far, what we do is use a non-root user in the sandbox.
A possible solution is switching to rootless DinD. On the host, we start a Docker service provider that provides the rootless Docker daemon. The outer container mentioned above then uses this rootless daemon, instead of the default one on the host, to start the sandbox. In this way, the sandbox can use the pseudo-root user, and it works as the child of the outer container.
This approach may need significant changes in the Go source code of PWC, so that it can no longer be easily merged with PWD.
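A pre-flight check the server could run before starting a sandbox, as an added example (not PWC or PWD code). It reads the `SecurityOptions` field of the Docker Engine API `GET /info` response, where a rootless daemon lists `name=rootless`; `checkSandbox` and the sample JSON are hypothetical, and the rootful case assumes user-namespace remapping is not enabled.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// isRootless reports whether a Docker Engine API GET /info body comes from a
// rootless daemon, which lists "name=rootless" in SecurityOptions.
func isRootless(infoJSON []byte) (bool, error) {
	var info struct{ SecurityOptions []string }
	if err := json.Unmarshal(infoJSON, &info); err != nil {
		return false, fmt.Errorf("parse /info: %w", err)
	}
	for _, opt := range info.SecurityOptions {
		for _, field := range strings.Split(opt, ",") {
			if field == "name=rootless" {
				return true, nil
			}
		}
	}
	return false, nil
}

// checkSandbox (hypothetical helper) applies the policy from the text: on a
// rootful daemon the sandbox user must be non-root; on a rootless daemon UID 0
// is only a pseudo root mapped to an unprivileged host user, so it is allowed.
func checkSandbox(infoJSON []byte, user string) error {
	rootless, err := isRootless(infoJSON)
	if err != nil {
		return err
	}
	uid := strings.SplitN(user, ":", 2)[0] // "user[:group]"; empty means root
	if !rootless && (uid == "" || uid == "root" || uid == "0") {
		return errors.New("rootful daemon: sandbox user must be non-root")
	}
	return nil
}

// Constructed /info excerpts, not captured from a real host.
const rootfulInfo = `{"SecurityOptions":["name=seccomp,profile=builtin"]}`
const rootlessInfo = `{"SecurityOptions":["name=seccomp,profile=builtin","name=rootless"]}`

func main() {
	fmt.Println(checkSandbox([]byte(rootfulInfo), "root"))  // rejected
	fmt.Println(checkSandbox([]byte(rootfulInfo), "1000"))  // allowed
	fmt.Println(checkSandbox([]byte(rootlessInfo), "root")) // allowed
}
```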