Comment on Rootless docker and symlink to docker.sock security issues
Pika@sh.itjust.works 1 day ago
I'm not fully understanding here: are you saying that the symlink is root because root is required to access /var/run, or that it's root because it's required by patchmon?
If it's root because the rest of /var/run is root, is it not on the table to just chown /var/run/docker.sock to the user ID? Since I would assume that patchmon would be running as the docker user anyway, since you are running in a rootless environment? I might be misunderstanding.
I tried to chown the /var/run/docker.sock but that doesn't work. It remains root, without errors.
Patchmon runs as root, since docker is on another host and has the patchmon agent. Patchmon needs to run as root since it uses apt to update.
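An added check, not from this thread, for the ownership question discussed above: it reports a docker.sock path's link owner and target owner separately (chown follows the symlink, so the two can differ) and whether the current user can write to the socket. It assumes a Python 3 host and uses a constructed temporary socket plus symlink in place of /var/run/docker.sock.

```python
import os, pwd, socket, stat, tempfile

def _owner(uid):
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:  # uid without a passwd entry, e.g. inside a container
        return str(uid)

def describe_docker_socket(path):
    """Ownership of a docker.sock path, link and target reported separately."""
    # chown(1) follows symlinks, so it changes the target, while `ls -l` on
    # the link keeps showing the link's own owner; both are returned.
    link = os.lstat(path)  # the path itself, link not followed
    info = {"is_symlink": stat.S_ISLNK(link.st_mode),
            "link_owner": _owner(link.st_uid),
            "target": os.path.realpath(path)}
    try:
        tgt = os.stat(path)  # follows the link
    except FileNotFoundError:  # dangling link, e.g. daemon not running
        info["target_exists"] = False
        return info
    info.update(target_exists=True,
                target_is_socket=stat.S_ISSOCK(tgt.st_mode),
                target_owner=_owner(tgt.st_uid),
                target_mode=oct(stat.S_IMODE(tgt.st_mode)),
                # write access is what a client needs to talk to dockerd, and
                # that access is effectively control of the Docker host
                writable_by_me=os.access(path, os.W_OK))
    return info

def rootless_socket_path():
    """Where rootless dockerd normally listens: $XDG_RUNTIME_DIR/docker.sock."""
    run = os.environ.get("XDG_RUNTIME_DIR")
    return os.path.join(run, "docker.sock") if run else None

def demo():
    # Constructed stand-in: a real unix socket in a temp dir plus a symlink to
    # it, mimicking /var/run/docker.sock -> $XDG_RUNTIME_DIR/docker.sock.
    d = tempfile.mkdtemp()
    real, link = os.path.join(d, "docker.sock"), os.path.join(d, "link.sock")
    srv = socket.socket(socket.AF_UNIX)
    srv.bind(real)
    os.symlink(real, link)
    try:
        return describe_docker_socket(link)
    finally:
        srv.close()
        os.unlink(link); os.unlink(real); os.rmdir(d)
```

Run `describe_docker_socket("/var/run/docker.sock")` on the real host to see whether a chown changed the target, the link, or neither.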