- Access to Docker means access with root, and the kernel is shared between the host and its containers
- Don’t run containers as `root`
- Be careful not to pull just any public Docker Hub image
- Avoid installing unnecessary packages
- Avoid running sshd inside container
- Build daily & deploy often
- Assign group `root` to any created user (because Kubernetes gives this group access to all created volumes)
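
Several items in the list above can be checked mechanically before an image is built. The following Python check is an added example, not part of the original notes: the two sample Dockerfiles and the function names `instructions` and `audit` are constructed for illustration, and it assumes that a build stage without a `USER` line runs as root and that users are created with `useradd`.

```python
import re

# Constructed sample Dockerfiles (not from the original notes).
WEAK = """\
FROM debian:12
RUN apt-get update && apt-get install -y openssh-server curl
RUN useradd -u 1001 app
CMD ["/usr/sbin/sshd", "-D"]
"""
HARDENED = """\
FROM debian:12
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates
RUN useradd -u 1001 -g root app
USER 1001
CMD ["/app/server"]
"""

def instructions(text):
    """Yield (INSTRUCTION, arguments) pairs, joining backslash-continued lines."""
    joined = re.sub(r"\\\s*\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            head, *rest = line.split(None, 1)
            yield head.upper(), rest[0] if rest else ""

def audit(text):
    """Return de-duplicated findings for the checklist items above."""
    findings, user = [], None
    for ins, args in instructions(text):
        if ins == "FROM":
            user = None  # assumption: a new stage starts as root
        elif ins == "USER":
            user = args.split(":")[0]  # "1001:0" -> "1001"
        elif ins in ("RUN", "CMD", "ENTRYPOINT"):
            if re.search(r"\b(openssh-server|sshd)\b", args):
                findings.append("sshd installed or started in the image")
            m = re.search(r"\buseradd\b(.*?)(?:&&|;|$)", args)
            # useradd -g/--gid sets the primary group; root is GID 0
            if m and not re.search(r"(?:-g|--gid)[ =](?:root|0)\b", m.group(1)):
                findings.append("created user is not in group root")
    if user in (None, "root", "0"):
        findings.append("container runs as root (no non-root USER)")
    return list(dict.fromkeys(findings))

if __name__ == "__main__":
    for name, df in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(df))
```
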
Entering Root in a Docker Container
- Enter a container with `docker exec`
- Privileges are dropped, but you can bypass this by using `nsenter` instead.
- Or just use this flag: `docker exec --user root`