Re: [HTCondor-users] Docker Universe: mapping of container's root to other UID/GID?
- Date: Thu, 10 Mar 2016 08:44:24 -0600
- From: Greg Thain <gthain@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] Docker Universe: mapping of container's root to other UID/GID?

On 03/10/2016 06:53 AM, Thomas Hartmann wrote:
> I stumbled over  and am wondering, if it would make sense to map at
> least root to another UID/GID - assuming it would reduce(?) the risks by
> some hypothetical exploit allowing root to escape a container?

Note that HTCondor will never start a docker container (or any other
job, in any other universe, for that matter) as root.

I think that going forward, if we wanted to map uids, we'd use the new
username feature of Docker when that is widely available.