[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] Proposal: no docker group by default

On 16.01.2015 15:45, Joe Brockmeier wrote:
> On 01/16/2015 09:41 AM, Stef Walter wrote:
>> Atomic seems to ship a 'docker' group by default. Anyone added to this
>> group can completely bypass system policy, identity, and audit.
>> It should not be routine to add users to this group. It should be
>> routine to sudo in order to use docker.
>> I would like to suggest not having this group by default. It can be
>> added by admins if they really want to have it.
>> In fact the Docker documentation contains strong warnings about this
>> group, and suggests creating it when necessary:
>> https://docs.docker.com/installation/binaries/
>> https://docs.docker.com/articles/security/#dockersecurity-daemon
>> It's trivial to create this group when necessary. docker daemon only
>> checks the name of the group, not the gid.
>> It would be important to make such a decision soon. Ideally this week,
>> since people will come to depend on this group being present by default.
> So, "this week" I guess you mean "today"? :-)

Heh heh. I guess, I'm already thinking about next week too much :)


Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]