 

Security of Docker as it runs as root user

A Docker blog post indicates:

"Docker containers are, by default, quite secure; especially if you take care of running your processes inside the containers as non-privileged users (i.e. non root)."

So, what is the security issue if I'm running as root under Docker? I mean, it is quite secure if I take care to run my processes as non-privileged users, so how can I be harmful to the host in a container as a root user? I'm just asking in order to understand it: how can it be isolated if it is not secure when running as root? Which system calls can expose the host system then?

Mustafa asked Sep 27 '13 15:09



2 Answers

When you run as root, you can access a broader range of kernel services. For instance, you can:

  • manipulate network interfaces, routing tables, netfilter rules;
  • create raw sockets (and generally speaking, "exotic" sockets, exercising code that has received less scrutiny than good old TCP and UDP);
  • mount/unmount/remount filesystems;
  • change file ownership, permissions, extended attributes, overriding regular permissions (i.e. using slightly different code paths);
  • etc.

(It's interesting to note that all those examples are protected by capabilities.)

The key point is that as root, you can exercise more kernel code; if there is a vulnerability in that code, you can trigger it as root, but not as a regular user.

Additionally, if someone finds a way to break out of a container, if you break out as root, you can do much more damage than as a regular user, obviously.

jpetazzo answered Oct 09 '22 19:10
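
The answer above notes that each of the listed operations is gated by a capability, which can be checked from the `CapEff` line of `/proc/<pid>/status`. The following is an added example, not part of the original answer: the grouping of capabilities per bullet and the three sample status excerpts are assumptions constructed for illustration.

```python
import re

# Bit numbers from <linux/capability.h>, limited to the capabilities that
# gate the operations listed in the answer.
CAP_BITS = {"CAP_CHOWN": 0, "CAP_DAC_OVERRIDE": 1, "CAP_FOWNER": 3,
            "CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13, "CAP_SYS_ADMIN": 21}

# Assumption: this grouping is the example's reading of the answer's bullets.
SERVICES = {
    "network interfaces, routing, netfilter": ["CAP_NET_ADMIN"],
    "raw sockets": ["CAP_NET_RAW"],
    "mount/unmount/remount": ["CAP_SYS_ADMIN"],
    "file ownership and permission overrides":
        ["CAP_CHOWN", "CAP_FOWNER", "CAP_DAC_OVERRIDE"],
}

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
ROOT_REDUCED = "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\n"
ROOT_FULL = "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
NON_ROOT = "Name:\tsh\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"


def parse_status(text):
    """Return (effective uid, effective capability mask) from status text."""
    uid = re.search(r"^Uid:\s+\d+\s+(\d+)", text, re.M)
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", text, re.M)
    if not uid or not cap:
        raise ValueError("missing Uid or CapEff line")
    return int(uid.group(1)), int(cap.group(1), 16)


def reachable_services(mask):
    """Map each kernel service to the held capabilities that unlock it."""
    found = {}
    for service, caps in SERVICES.items():
        held = [c for c in caps if (mask >> CAP_BITS[c]) & 1]
        if held:
            found[service] = held
    return found


def audit(text):
    euid, mask = parse_status(text)
    return {"euid": euid, "services": reachable_services(mask)}


if __name__ == "__main__":
    for label, sample in [("root, reduced set", ROOT_REDUCED),
                          ("root, full set", ROOT_FULL),
                          ("non-root", NON_ROOT)]:
        print(label, audit(sample))
```

To inspect a live process, pass the contents of `/proc/self/status` to `audit()`; an empty `services` result means none of the listed kernel paths are reachable through capabilities.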


You can reboot the host machine by echoing to /proc/sysrq-trigger in Docker. Processes running as root in Docker can do this.

This seems quite a good reason not to run processes as root in Docker ;)

wrzasa answered Oct 09 '22 20:10