utahsaint-org / Hackers-Challenge-Walkthroughs

A collection of player contributed walkthroughs for Hackers Challenge puzzles

i am groot takeaway... #23

Open adespain opened 5 years ago

adespain commented 5 years ago

@ThatJoeMoore and @zevlag The takeaway for i am groot mentioned in the walkthrough is to not run the docker daemon as root. However, from what I have read, the docker daemon has to run as root, correct? This challenge gave us access to a user who was already in the docker group (which gives elevated permissions already). From the CIS standards I could only find this:

1.4 Ensure only trusted users are allowed to control Docker daemon

So the takeaway isn't to make sure the docker daemon doesn't run as root, but to carefully monitor all users who are in the docker group. Or am I reading it wrong?
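One way to run the docker group review that the comment above arrives at, as an added example that is not part of the original thread or the walkthrough repository. The function names, the approved list and the sample accounts are constructed for illustration; the script also reports accounts whose primary group is docker, which the member list in the group file does not show.

```shell
#!/usr/bin/env bash
# Audit which accounts can control the Docker daemon via the docker group.
# Inputs are files in /etc/group and /etc/passwd format, so the check can be
# run against copies collected from several hosts.

# Print every account in the docker group, one per line, sorted.
docker_group_users() {
    group_file=$1
    passwd_file=$2
    # GID of the docker group is the third field of its group entry.
    gid=$(awk -F: '$1 == "docker" { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 0   # no docker group, nothing to report
    {
        # Supplementary members: comma-separated fourth field.
        awk -F: '$1 == "docker" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # Accounts whose primary GID is docker; these never appear in field 4.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Print docker group accounts that are not in the space-separated approved list.
docker_group_unapproved() {
    approved=$3
    docker_group_users "$1" "$2" | while IFS= read -r user; do
        case " $approved " in
            *" $user "*) ;;                 # trusted, skip
            *) printf '%s\n' "$user" ;;     # needs review
        esac
    done
}

# Constructed sample data, not taken from the challenge host.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'root:x:0:' 'docker:x:998:groot,ci' 'staff:x:50:rocket' > "$tmp/group"
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
        'groot:x:1000:1000::/home/groot:/bin/sh' \
        'ci:x:1001:1001::/home/ci:/bin/sh' \
        'drax:x:1002:998::/home/drax:/bin/sh' > "$tmp/passwd"
    docker_group_unapproved "$tmp/group" "$tmp/passwd" "ci"
    rm -rf "$tmp"
}

demo
```

On a live host with local accounts, call `docker_group_unapproved /etc/group /etc/passwd "<approved users>"`; where accounts come from a directory service, save the output of `getent group` and `getent passwd` to files and pass those instead.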

zevlag commented 5 years ago

I agree @adespain. That is definitely a much more accurate takeaway.

The inspiration for this particular challenge was these tweets:
https://twitter.com/dinodaizovi/status/1036591829838450688
https://twitter.com/4lex/status/1035932897407115264
https://twitter.com/4lex/status/1036641246176075776

In macOS, docker itself runs in a VM, only passing in volume mounts.

In other environments it runs differently.

zevlag commented 5 years ago

Please submit an edit/pull request and I will accept it.

https://github.com/utahsaint-org/Hackers-Challenge-Walkthroughs/edit/master/2018%20SAINTCON/Potent_Pwnables/i_am_groot.md