[Container-tools] Security vs. Usability: atomic commands and permissions

Nick Coghlan ncoghlan at gmail.com
Sat Feb 27 06:47:04 UTC 2016


On 27 February 2016 at 12:15, Josh Berkus <jberkus at redhat.com> wrote:
> Folks,
>
> So I'm testing the new atomicapp tutorial documentation, and one thing I'm
> running across as a major usability issue for Linux desktop developers is
> that most of the commands require sudo, and create files which are owned and
> editable only by root.  Which means that I can't easily pull, fork and
> modify Nulecule applications for my own use in my text editor of choice
> (Atom, for example).
>
> Now, this isn't a problem if you're running in an atomic host VM, where
> you're logged in as root.  But supposedly one of the benefits of using
> Fedora Workstation as your dev environment is not needing to run a VM. We
> should be promoting it as the superior developer OS.
>
> Now, I know that the "docker group" approach which Docker takes has some
> major security issues ... but if we're not going to support that, then we
> need something else which is equally easy to use for developers on their own
> laptops.

From a personal experience perspective, I can also note that whatever
additional security we think we're getting from the current defaults
doesn't actually exist in practice: all the current default security
settings mean is that I always invoke docker with full root privileges
(via sudo).

So, rather than a risk of potential escalation to root access on the
host, we have *guaranteed* root access on the host (as otherwise I
can't run docker commands at all).

This may also be a case where it makes sense to have the default
settings on Fedora Workstation diverge from those on Fedora Server and
Fedora Atomic Host.

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
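The thread contrasts the docker-group model (anyone in the group can talk to the daemon socket, which is root-equivalent access to the host) with always invoking docker via sudo. The following POSIX shell audit, added here as an illustration and not code from the thread or from the atomic/docker projects, shows how to enumerate who effectively holds that access: it parses /etc/group-style content for the docker group and checks the socket's mode for group-write. The inputs (group file content, socket owner/group/mode) are constructed samples; on a real system they would come from /etc/group and `stat -c %U:%G:%a /var/run/docker.sock`.

```shell
#!/bin/sh
# Audit who can reach the docker daemon socket (constructed inputs, added example).

# Constructed sample of /etc/group content.
SAMPLE_GROUP='root:x:0:
wheel:x:10:josh,nick
docker:x:990:josh'

# Constructed sample in the form printed by `stat -c %U:%G:%a` for the socket.
SAMPLE_SOCK='root:docker:660'

# docker_group_members GROUP_CONTENT -> member list of the "docker" group.
docker_group_members() {
  printf '%s\n' "$1" | awk -F: '$1 == "docker" { print $4 }'
}

# socket_group OWNER:GROUP:MODE -> the group owning the socket.
socket_group() {
  g=${1#*:}
  printf '%s\n' "${g%%:*}"
}

# socket_group_writable OWNER:GROUP:MODE -> "yes" if the group bits include write.
socket_group_writable() {
  mode=${1##*:}
  mode=$(printf '%s' "$mode" | tail -c 3)          # keep last three octal digits
  group_digit=$(printf '%s' "$mode" | cut -c2)     # second digit = group permissions
  case $group_digit in
    2|3|6|7) echo yes ;;
    *)       echo no ;;
  esac
}

# socket_users GROUP_CONTENT OWNER:GROUP:MODE -> users with daemon access besides root.
# Only the docker group is considered, since that is the model under discussion.
socket_users() {
  if [ "$(socket_group "$2")" = docker ] && [ "$(socket_group_writable "$2")" = yes ]; then
    docker_group_members "$1"
  fi
}

# Stand-alone run: print the users who have root-equivalent access via the socket.
users=$(socket_users "$SAMPLE_GROUP" "$SAMPLE_SOCK")
if [ -n "$users" ]; then
  echo "docker socket is group-writable; root-equivalent access for: $users"
else
  echo "docker socket not exposed to the docker group; sudo/root required"
fi
```

The point of the audit is that every name it prints should be treated as a local root account for review purposes; a socket mode of 600 owned by root yields an empty list, which is the "always sudo" situation Nick describes.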
