Closed lpil closed 7 years ago
Nice one!
FYI the image is still building on my machine, so it's untested. npm is sloooooooooooow
Will let you know when it works, then you should probably test it too.
Seems to work but I don't have all the env so couldn't test 100%
Ok I think Circle is not going to pick up this PR :-O
I'm going to merge this into a local branch and then we can follow the normal flow from there.
In docker the user namespace is shared between the host and docker containers, so root in a container is root on the host.
In the event of the app being compromised running the attacker will only have access to that user, rather than to the root of the host and all the containers on the machine. Much better. :)
I should have done this first time round. Oops.