I am using a CentOS 6.9 system of a high-performance computation platform and I want to use docker with a non-root user. Is there a method by which I can build docker from source and not need root privileges?
Sep 20, 2018 If a user manages to break out of an application running as root in a container, he may be able to gain access to the host with the same root user.
Shixiang Wang
1 Answer
This shouldn't be possible as it would be a major security concern.
When docker is installed on a machine, users with docker access (not necessarily root) can start containers. In particular, they can start containers in privileged mode, giving the container access to all host devices.
More importantly, a user with access to docker can mount directories owned exclusively by machine root. Since by default, a root user inside the container will have access to mounted root-owned directories inside the container, this will allow any Docker container started by a non-root user to access critical machine stuff.
Therefore, the sequence of having a non-root user install Docker and start containers should not be allowed as it can compromise the whole machine.
Check this explicit comment from one of the docker maintainers.
yamenk
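Added example, not part of the answer above or of Docker itself: an administrator-side audit that reads `docker inspect` JSON and flags the two risks the answer names, privileged mode and bind mounts of root-owned host paths. The `SENSITIVE_PREFIXES` list and the sample containers are assumptions constructed for illustration.

```python
import json

# Host paths treated as high risk when bind-mounted (assumed policy list, adjust per site).
SENSITIVE_PREFIXES = ("/etc", "/root", "/var/run/docker.sock", "/boot", "/proc", "/sys")

# Constructed sample in the shape of `docker inspect` output (not captured from a real host).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "Config": {"User": "1000"},
     "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/data/_data",
                 "Destination": "/data", "RW": True}]},
    {"Name": "/debug", "Config": {"User": ""},
     "HostConfig": {"Privileged": True},
     "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/host", "RW": True}]},
    {"Name": "/backup", "Config": {"User": "0:0"},
     "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/etc/ssh", "Destination": "/mnt", "RW": False}]},
])

def is_sensitive(source):
    """True if a bind-mount source is the host root or lies under a sensitive prefix."""
    src = source.rstrip("/") or "/"
    if src == "/":
        return True
    return any(src == p or src.startswith(p + "/") for p in SENSITIVE_PREFIXES)

def audit(inspect_json):
    """Return {container name: [findings]} for containers with risky settings."""
    report = {}
    for c in json.loads(inspect_json):
        findings = []
        if c.get("HostConfig", {}).get("Privileged"):
            findings.append("privileged")
        for m in c.get("Mounts", []):
            src = m.get("Source", "")
            if m.get("Type") == "bind" and is_sensitive(src):
                findings.append(f"bind:{src}:{'rw' if m.get('RW') else 'ro'}")
        # An empty User means the image default, which is root unless the image sets USER.
        user = c.get("Config", {}).get("User", "").split(":")[0]
        if findings and user in ("", "0", "root"):
            findings.append("runs-as-root")
        if findings:
            report[c["Name"].lstrip("/")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings)
```

On a real host the input would come from `docker inspect $(docker ps -q)`.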