Open Dinth opened 5 years ago
Dinth
commented
5 years ago sorry for refreshing the old issue, but is there anything what can be done to enable SMB support in the official motioneye container? I dont see this to be a problem other than adding cifs-utils package and Hass.IO containers for MotionEye already have smb support built in.
kleini
commented
5 years ago I do not like to add cifs-utils to the docker container. This does not really make sense for me. I would mount some Samba volume on the underlying host operating system and mount it then into the container. What is your use case to need cifs-utils inside the container?
Dinth
commented
5 years ago Hmm i can see your point here but for me seems like a security threat. The computer im running motioneye is my network firewall & IOT machine. There's quite a few of potential vectors of attacks here and i dont really want to expose my storage to whole machines. Docker provides at least some kind of isolation between different apps & services and allows me to configure each service to only see bits required by it.
kleini
commented
5 years ago If somebody is able to break into your host machine and see the Samba filesystem there, he will be also able to break into the container running motioneye. In my eyes Docker images & containers intention is to transport a single application - motioneye in this case - and all the necessary dependencies for exactly only this application. This is my understanding of Docker images and how to run containers. Optimized for a single application. The wiring into all other services or especially other filesystems in this case, is a matter of the machine hosting the container. Please see my point regarding your fear regarding your mentioned attack vector. If somebody is able to access the filesystem on your host, he will be able to access everything, that is inside the container, too.
Im running ccrisan/motioneye:master-amd64 image, but it seems that it doesnt include cifs-utils or smb support. Can you please add it to the container?