What should I know if I'm going to run #docker on a publicly accessible #VPS?

I'm asking because I see this warning: "Adding a user to the “docker” group grants them the ability to run containers which can be used to obtain root privileges on the Docker host. Refer to Docker Daemon Attack Surface for more information."

docs.docker.com/engine/install

@celia that warning is for companies who should be aware that adding Bob to docker is kind of the same as giving them root privileges, which is probably a bad idea if it was done just for convenience.

In your case I would assume you have control of the VPS, the root and your own user may have that privilege. And you would not harm your own VPS.

@celia @esparta Yeah, shouldn't be an issue if you're the sole user/administrator. (Just remember any additional `docker` group member is able to run and control any and all containers, also those "created" by other users, and, through volumes, is essentially given root FS access.) Also, if you ever plan on adding other users and services, you might wanna look into namespaced/rootless Docker.
