Red Hat re-implemented the Docker using the Open Container Spec (which is as far as I know a standard based on Docker) as a project called CRI-O https://cri-o.io/ which removes the need for a daemon to run containers and rectifies a lot of the security concerns by dividing the work of the daemon into multiple tools. As of RHEL/Centos 7.7 and 8+ they allow for running containers without root using that tool.
A lot of the security concerns apply more to regular servers which are running Docker (or others) vs purpose build container hosting servers which can be stripped down and hardened. Thanks, Sander On Thu, May 23, 2019 at 3:03 PM Jan Wender <j.wen...@web.de> wrote: > Hi, > > > Am 23.05.2019 um 15:06 schrieb Gerald Henriksen <ghenr...@gmail.com>: > > > > security concerns about Docker > > One of the issues is that execution of a Docker container requires to be > started as root, which can be done for services etc, but not for user > processes. But I think that Docker is working on changing that requirement. > > Best, Jan > -- > Jan Wender - j.wen...@web.de > > > _______________________________________________ > Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing > To change your subscription (digest mode or unsubscribe) visit > https://beowulf.org/cgi-bin/mailman/listinfo/beowulf >
_______________________________________________ Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit https://beowulf.org/cgi-bin/mailman/listinfo/beowulf
