
Re: [atomic-devel] Proposal: no docker group by default



On 16.01.2015 15:45, Joe Brockmeier wrote:
> On 01/16/2015 09:41 AM, Stef Walter wrote:
>> Atomic seems to ship a 'docker' group by default. Anyone added to this
>> group can completely bypass system policy, identity, and audit.
>>
>> It should not be routine to add users to this group. It should be
>> routine to sudo in order to use docker.
>>
>> I would like to suggest not having this group by default. It can be
>> added by admins if they really want to have it.
>>
>> In fact the Docker documentation contains strong warnings about this
>> group, and suggests creating it when necessary:
>>
>> https://docs.docker.com/installation/binaries/
>> https://docs.docker.com/articles/security/#dockersecurity-daemon
>>
>> It's trivial to create this group when necessary. docker daemon only
>> checks the name of the group, not the gid.
>>
>> It would be important to make such a decision soon. Ideally this week,
>> since people will come to depend on this group being present by default.
> 
> So, "this week" I guess you mean "today"? :-)

Heh heh. I guess I'm already thinking about next week too much :)

Stef
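
An added example, not part of the original thread: one way an administrator could audit who holds the access discussed above, by listing every account in the group named `docker` (matched by name, as the daemon does), whether through the member list in the group file or through a primary GID. The function names `docker_group_members` and `demo` are hypothetical, the sample data is constructed, and only local `/etc/group` and `/etc/passwd` style files are assumed.

```shell
#!/bin/sh
# Added example: report accounts that belong to the "docker" group.
# Assumption: inputs use /etc/group and /etc/passwd format; accounts that
# exist only in LDAP/SSSD are not seen unless you pass in `getent` dumps.
# Return status: 0 = group exists (members printed, one per line, sorted),
#                3 = no group with that name exists.
docker_group_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    group_name=${3:-docker}

    members=$(awk -F: -v g="$group_name" '
        # Group database: remember the gid and the listed members.
        FILENAME == ARGV[1] {
            if ($1 == g) {
                found = 1; gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        # Passwd database: add users whose primary gid is the group.
        found && $4 == gid { seen[$1] = 1 }
        END {
            if (!found) exit 3
            for (u in seen) print u
        }
    ' "$group_file" "$passwd_file") || return $?

    if [ -n "$members" ]; then
        printf '%s\n' "$members" | sort
    fi
    return 0
}

# Constructed sample data (not from a real host): alice is a listed
# member, build has the docker group as its primary group, carol has neither.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'wheel:x:10:alice' 'docker:x:990:alice,' > "$d/group"
    printf '%s\n' 'alice:x:1000:1000::/home/alice:/bin/bash' \
                  'build:x:1001:990::/home/build:/bin/bash' \
                  'carol:x:1002:1002::/home/carol:/bin/bash' > "$d/passwd"
    docker_group_members "$d/group" "$d/passwd"
    rm -rf "$d"
}
```

Run `docker_group_members` with no arguments to check the local files; a status of 3 means no group with that name exists on the host.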
