• florian@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    It depends on the use case. The most common security issue I have seen with docker is on Linux desktop systems: docker deamon runs as root and user wants to use it to test all kinds of containers. So they make the docker socket accessible to the user, to lazy to use “sudo docker” every time… Having access to the docker socket means having the same permissions as the one running the daemon: root . Your browser effectively now has root permissions. At this point you could just login as root to your desktop.