redbadger / react.london

:star2: react.london conference & community website :star2:
https://react.london

Run app as non-root #305

Closed lpil closed 7 years ago

lpil commented 7 years ago

In Docker the user namespace is shared between the host and Docker containers, so root in a container is root on the host.

In the event of the running app being compromised, the attacker will only have access to that user, rather than to the root of the host and all the containers on the machine. Much better. :)

I should have done this first time round. Oops.
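An added example, not part of the original PR or the project's own code: a small Python check that reports which user a Dockerfile's final stage runs its command as, so a CI step can fail when that user is root. The two sample Dockerfiles and the function names are constructed for illustration, and the check assumes the base image itself leaves the user as root.

```python
import re

# Constructed sample Dockerfiles (not the repository's actual Dockerfile).
ROOT_IMAGE = """\
FROM node
WORKDIR /app
COPY . /app
RUN npm install
CMD ["npm", "start"]
"""

NONROOT_IMAGE = """\
FROM node
RUN useradd --create-home app
WORKDIR /home/app
COPY . /home/app
RUN npm install
USER app
CMD ["npm", "start"]
"""


def final_user(dockerfile_text):
    """Return the USER in effect at the end of the final build stage."""
    user = "root"  # assumption: no USER instruction means the process runs as root
    # Join backslash line continuations so each instruction is one line.
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile_text)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        instruction = parts[0].upper()
        argument = parts[1] if len(parts) > 1 else ""
        if instruction == "FROM":
            user = "root"  # a new stage does not inherit USER from the previous stage
        elif instruction == "USER" and argument:
            user = argument.split()[0]
    return user


def runs_as_root(dockerfile_text):
    """True when the final stage runs as root, by name or by UID 0."""
    name = final_user(dockerfile_text).split(":", 1)[0]  # drop an optional ":group"
    return name in ("root", "0")
```

A `USER` given as a build variable (for example `$APP_USER`) is returned unresolved, so treat that result as unknown rather than as non-root.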

asavin commented 7 years ago

Nice one!

lpil commented 7 years ago

FYI the image is still building on my machine, so it's untested. npm is sloooooooooooow

Will let you know when it works, then you should probably test it too.

lpil commented 7 years ago

Seems to work but I don't have all the env so couldn't test 100%

asavin commented 7 years ago

Ok I think Circle is not going to pick up this PR :-O

asavin commented 7 years ago

I'm going to merge this into a local branch and then we can follow the normal flow from there.