[Container-tools] Security vs. Usability: atomic commands and permissions
Josh Berkus
jberkus at redhat.com
Mon Feb 29 18:41:12 UTC 2016
On 02/29/2016 10:23 AM, Daniel J Walsh wrote:
>> From a personal experience perspective, I can also note that whatever
>> additional security we think we're getting from the current defaults
>> doesn't actually exist in practice: all the current default security
>> settings mean is that I always invoke docker with full root privileges
>> (via sudo).
> The difference here is there is some logging that you executed a sudo
> docker command, as opposed to no logging whatsoever. And if you did not
> set up sudo without a password, you at least would block some attack
> vectors where a process running in your userspace will not be able to
> run root commands. With the docker group any process running as your UID
> can become root with no logging.
>
> Only being able to execute some docker commands through sudo, using sudo
> and some scripting, is far more secure than setting up a docker group.
> If you want to set up a docker group on your system it will work, but
> this is not something we should be encouraging any more than we should
> encourage people to set up sudo without a password.
In fact, using the docker group does not work with atomic.app.

I get what you're saying about system security. On the other hand, we
need some way for developers to work in their chosen IDE/text
editor/etc. for developing atomic apps if we expect them to use the
platform at all. Right now, if I want a reasonable workflow for
fork-and-edit for atomic.app, I need to be running Atom as root. That's
not exactly a security improvement, and there's a bunch of steps to make
it work.
--
Josh Berkus
Project Atomic
Red Hat OSAS
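The "some docker commands through sudo using sudo and some scripting" approach Daniel describes above, shown as an added example that is not part of this thread or of any Project Atomic tooling. The wrapper below is a hypothetical /usr/local/bin/docker-limited script: a sudoers entry (assumed, e.g. `developer ALL=(root) /usr/local/bin/docker-limited`) grants only this script, the script permits a constructed allow-list of read-only subcommands, refuses mount/namespace/capability style arguments, and records the exact command line via logger under the calling user's name so the audit trail Daniel mentions survives. The allow-list, refused-argument patterns and install path are all assumptions for illustration.

```shell
#!/bin/sh
# docker-limited: a sudo-only wrapper exposing a small allow-list of
# read-only docker subcommands. Assumed deployment (hypothetical, not from
# the thread): install as /usr/local/bin/docker-limited and grant it with a
# sudoers entry such as
#   developer ALL=(root) /usr/local/bin/docker-limited
# so the user never needs unrestricted `sudo docker` or docker-group access.

# Allow-list of read-only subcommands (constructed example; adjust locally).
ALLOWED_SUBCOMMANDS="ps images logs inspect version info"

# Arguments refused even on allowed subcommands, so an option that changes
# what the daemon does (bind mount, host namespace, extra capabilities, a
# different daemon socket) cannot be smuggled in. Conservative by design.
arg_is_refused() {
    case "$1" in
        -v|--volume|--volume=*|--mount|--mount=*) return 0 ;;
        --privileged|--pid|--pid=*|--net|--net=*|--network|--network=*) return 0 ;;
        --cap-add|--cap-add=*|--userns|--userns=*|-H|--host|--host=*) return 0 ;;
    esac
    return 1
}

# docker_limited_allowed SUBCOMMAND -> 0 if on the allow-list, else 1.
docker_limited_allowed() {
    for allowed in $ALLOWED_SUBCOMMANDS; do
        [ "$allowed" = "$1" ] && return 0
    done
    return 1
}

# docker_limited_check ARGS... -> 0 if the whole command line is acceptable,
# 1 otherwise (reason printed to stderr). The first word must be an allowed
# subcommand, so docker's global flags (e.g. --host=...) are refused too.
docker_limited_check() {
    [ $# -ge 1 ] || { echo "docker-limited: no subcommand given" >&2; return 1; }
    if ! docker_limited_allowed "$1"; then
        echo "docker-limited: subcommand '$1' is not permitted" >&2
        return 1
    fi
    shift
    for arg in "$@"; do
        if arg_is_refused "$arg"; then
            echo "docker-limited: argument '$arg' is not permitted" >&2
            return 1
        fi
    done
    return 0
}

# Audit trail: sudo already logs that the wrapper ran; this adds the exact
# docker command line under the calling user's name (SUDO_USER is set by sudo).
docker_limited_log() {
    if command -v logger >/dev/null 2>&1; then
        logger -t docker-limited "user=${SUDO_USER:-unknown} docker $*"
    fi
}

main() {
    docker_limited_check "$@" || exit 1
    docker_limited_log "$@"
    exec /usr/bin/docker "$@"
}

# Act as the wrapper only when invoked under its installed name; sourcing
# the file (for tests) just defines the functions.
case "$(basename "$0")" in
    docker-limited) main "$@" ;;
esac
```

The point of checking the subcommand before anything else is that `docker run`, `docker exec` and `docker create` (the paths to a root shell on the host) are simply absent from the list; the argument filter is a second layer for options that read-only subcommands should never need. Compare this with the docker group, where every process running as the user's UID can reach the daemon socket with no sudo log entry at all.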