With the release of Docker 20.10, the rootless containers feature has left experimental status. This is an important step for Docker security as it allows for the entire Docker installation to run with standard user privileges, no use of root required. Other container solutions like Podman have had this feature for a while but if you’re used to Docker’s approach it’s nice to see it being available.

Docker’s documentation on rootless containers has some information about how this is achieved, but I thought it’d be interesting to have a poke around some of the details of the implementation and what it means for container security, especially as I’ll be adding this to the container security course I do.

Setting up rootless containers is pretty straightforward, on Ubuntu at least. You need a couple of packages to be installed (the main one you’ll likely need to add is uidmap) and then you can use Docker’s install script to set it up. Obviously I’d recommend downloading and reading the script rather than following their suggestion to pipe it straight to sh but looking through it you’ll see it’s mainly just checking the environment before setting up and then downloading and extracting the necessary binaries to $HOME/bin.

Once it’s installed and you tell the docker CLI where to find the socket file (in /run/user/UID/docker.sock instead of the usual /var/run/docker.sock) you can start using Docker.
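The prerequisites and socket path described above can be checked before running any installer. The script below is an added example, not part of the original post and not Docker's install script. The function names and the `SUBUID_FILE`/`SUBGID_FILE` overrides are hypothetical, and the 65536 threshold is the minimum subordinate ID range given in Docker's rootless documentation.

```shell
#!/bin/sh
# Added example: pre-flight checks for rootless Docker (not Docker's own script).

# Socket URL for a rootless daemon owned by the given numeric UID
# (path taken from the post: /run/user/UID/docker.sock).
rootless_docker_host() {
    printf 'unix:///run/user/%s/docker.sock\n' "$1"
}

# Sum the subordinate ID counts granted to a user name in a subuid/subgid-format
# file (lines of "name:start:count"). Prints 0 if the file or entry is missing.
subid_count() {
    _user=$1
    _file=$2
    [ -r "$_file" ] || { echo 0; return 0; }
    awk -F: -v u="$_user" '$1 == u { n += $3 } END { print n + 0 }' "$_file"
}

# Succeeds when the user has at least 65536 subordinate IDs in the file.
has_enough_subids() {
    [ "$(subid_count "$1" "$2")" -ge 65536 ]
}

# Report on the current user. Files default to the system ones; the
# SUBUID_FILE / SUBGID_FILE overrides are hypothetical conveniences.
check_rootless_prereqs() {
    cur_user=$(id -un)
    cur_uid=$(id -u)
    rc=0
    for tool in newuidmap newgidmap; do    # both ship in the uidmap package
        command -v "$tool" >/dev/null 2>&1 ||
            { echo "missing: $tool (install uidmap)"; rc=1; }
    done
    for f in "${SUBUID_FILE:-/etc/subuid}" "${SUBGID_FILE:-/etc/subgid}"; do
        has_enough_subids "$cur_user" "$f" ||
            { echo "fewer than 65536 subordinate IDs for $cur_user in $f"; rc=1; }
    done
    # Point the docker CLI at the per-user socket instead of /var/run/docker.sock.
    echo "export DOCKER_HOST=$(rootless_docker_host "$cur_uid")"
    return "$rc"
}

check_rootless_prereqs || echo "prerequisites not met; fix the items listed above"
```

The `export DOCKER_HOST=...` line it prints can be added to your shell profile so the CLI uses the per-user socket.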