[Container-tools] [Devtools] openshift is way too permissive in the CDK/ADB

Hardy Ferentschik hferents at redhat.com
Thu May 19 19:03:53 UTC 2016


Hi,

On Thu, 19-May-2016 10:12, Daniel J Walsh wrote:
> User namespace as you would expect it to work.  (Container Isolation) does
> not work yet.  User Namespace can be used with docker-1.10, but only for
> protecting the host from the container. All containers would run with the
> same "DockerRoot".

So one thing which always surprised me is that Docker seems to recommend in its
best practices to actually change the USER - https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
Hence, so many images on DockerHub follow this principle and each and every one
won't run out of the box on OpenShift.

Is it really so wrong? And if it is, why does Docker not change its recommendation?

--Hardy
