0

I want to use use docker in "rootless mode". As I understand it, if a container (or the daemon itself) is compromised, then the code that breaks out into the host can only do damage limited to the access rights of the user running the docker daemon (my user account).

But on a VPS (especially one controlled by automation, e.g. ansible), it is common to have the user account in the sudo group, and for it to have passwordless sudo (as specified in /etc/sudoers).

Are these contradictory concepts? Is rootless mode still useful, given that malware breaking out into the host (and thus my user account) will have passwordless sudo rights?

lonix
  • 14,255
  • 23
  • 85
  • 176
  • 1
    Giving a user passwordless `sudo` access is more or less equivalent to letting the process run as root; if you do wind up vulnerable to an attack, so long as they're able to execute a command starting with `sudo` then technically not being root doesn't help you at all. Since a container only manages a single process and you don't "administer" it at all, I just wouldn't install `sudo` and this question becomes moot. – David Maze May 26 '23 at 13:22
  • @DavidMaze Thanks, that was what I thought too. That setup is very common for VPSs managed by ansible, so going through the complexity of rootless docker seemed pointless to me (and also I can't use docker swarm). I'll investigate hardening with user namespaces instead. PS What did you mean by "install" sudo - if the image comes from dockerhub all I can do is run it, as it's already configured? – lonix May 26 '23 at 13:43
  • The standard Docker Hub images like `postgres`, `nginx`, _etc_. don't install `sudo`. – David Maze May 26 '23 at 13:55

0 Answers0