Re: [atomic-devel] Authentication/Roles Based Access Control with Docker API.
- From: Stef Walter <stefw redhat com>
- To: Daniel J Walsh <dwalsh redhat com>, atomic-devel projectatomic io
- Subject: Re: [atomic-devel] Authentication/Roles Based Access Control with Docker API.
- Date: Fri, 21 Nov 2014 21:19:23 +0100
On 21.11.2014 16:29, Daniel J Walsh wrote:
> I have begun thinking about securing the docker socket, and I
> wanted to open a discussion on this to get other people's ideas.
>
> Docker currently uses group permissions to control who can connect
> to the docker socket. If you have the docker daemon listen on the
> network, then there is no security. The ability to talk to the
> docker socket is the equivalent of giving the user root, which I
> blogged about here.
>
> http://www.projectatomic.io/blog/2014/09/granting-rights-to-users-to-use-docker-in-fedora/
>
> I believe we need to start working on fixing this. First I would
> like to see authentication fixed. We need some mechanism to allow
> administrators to specify which users are able to manage docker?

I think polkit should be that mechanism. That's what all the other
system services use or are migrating towards.

Stef
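
The group-permission model described in the quoted message can be audited on a host by listing every account that can write to the docker socket. This is an added example, not part of the original thread or of Docker; the socket path `/var/run/docker.sock` and the function name `audit_docker_socket` are assumptions.

```python
import grp
import os
import pwd
import stat


def audit_docker_socket(path="/var/run/docker.sock"):
    """Report who can write to the socket at `path`, i.e. who can drive the daemon."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    try:
        entry = grp.getgrgid(st.st_gid)
        group, members = entry.gr_name, set(entry.gr_mem)
    except KeyError:  # gid has no entry in the group database
        group, members = str(st.st_gid), set()
    # Accounts whose primary group is this gid are not listed in gr_mem.
    members |= {u.pw_name for u in pwd.getpwall() if u.pw_gid == st.st_gid}
    members.discard("root")

    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable: every local account can control the daemon")
    if mode & stat.S_IWGRP:
        findings += [f"{user}: root-equivalent via group '{group}'"
                     for user in sorted(members)]
    return {"path": path, "mode": f"{mode:04o}", "group": group,
            "members": sorted(members), "findings": findings}


if __name__ == "__main__":
    try:
        report = audit_docker_socket()
    except FileNotFoundError:
        print("no docker socket at the default path")
    else:
        print(f"{report['path']} mode={report['mode']} group={report['group']}")
        for line in report["findings"] or ["no group or world write access"]:
            print("  " + line)
```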