Closed TtheBC01 closed 3 years ago
We are not authors of RStudio (but simply have their permission to ship it in our containers). Your request, it seems, concerns design issues in their product and may therefore be more appropriate at their repo.
bummer, I'll try over there then. Thanks!
Its typically helpful for security purposes to drop all unnecessary kernel capabilities for a docker container, however, running rocker/rstudio with all capabilities dropped
docker run -it --rm --env PASSWORD=hello --cap-drop=all rocker/rstudio
produces a system permission error that is difficult to circumvent, even when the container user is root. Jupyter notebook containers allow for reduced kernel capabilites, so I imagine it must be possible in this scenario as well.