Comment on My Favorite Self-Hosted Apps Launched in 2025
dan@upvote.au 4 days ago
> a program that runs as root
Does it have to run as root? It’s common to run Docker in rootless mode in production environments.
Pika@sh.itjust.works 4 days ago
While Docker does have a non-root installer, the default installer for Docker is Docker as root, containers as non-root, but since in order to manage Docker as a whole it would need access to the socket, if Docker has root the container by extension has root.
So if Docker was installed in a root-less environment then a compromised manager container would only compromise everything on that Docker system, which still isn’t great but not as bad as full root access.
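An added example, not part of the comments above: a small audit that reads the output of `docker info --format '{{json .SecurityOptions}}'` and `docker inspect`, finds containers that have the Docker socket mounted, and reports what a compromise of each would expose. The container names and JSON samples are constructed for illustration.

```python
import json

# Constructed samples shaped like `docker info --format '{{json .SecurityOptions}}'`
# and `docker inspect <containers>` output; not taken from a real host.
ROOTFUL_INFO = '["name=apparmor","name=seccomp,profile=builtin","name=cgroupns"]'
ROOTLESS_INFO = '["name=seccomp,profile=builtin","name=rootless","name=cgroupns"]'
INSPECT = json.dumps([
    {"Name": "/manager", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/blog", "Mounts": [
        {"Type": "volume", "Source": "/var/lib/docker/volumes/blog/_data",
         "Destination": "/data", "RW": True}]},
    {"Name": "/metrics", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": False}]},
])

def daemon_is_rootless(security_options_json):
    """True when the daemon reports the rootless security option."""
    opts = json.loads(security_options_json)
    return any("name=rootless" in opt.split(",") for opt in opts)

def socket_mounts(inspect_json):
    """Return (container, source, read_only) for every mounted Docker socket."""
    hits = []
    for container in json.loads(inspect_json):
        for mount in container.get("Mounts") or []:
            if mount.get("Source", "").endswith("/docker.sock"):
                hits.append((container["Name"].lstrip("/"), mount["Source"],
                             not mount.get("RW", True)))
    return hits

def blast_radius(security_options_json, inspect_json):
    """Map each socket-holding container to what its compromise exposes."""
    scope = ("everything managed by that Docker daemon"
             if daemon_is_rootless(security_options_json) else "root on the host")
    # A read-only bind mount does not restrict API calls sent over the socket,
    # so read-only mounts are reported the same as read-write ones.
    return {name: scope for name, _src, _ro in socket_mounts(inspect_json)}

if __name__ == "__main__":
    for info in (ROOTFUL_INFO, ROOTLESS_INFO):
        print(blast_radius(info, INSPECT))
```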