
AinD: Android in Docker - ingve
https://github.com/aind-containers/aind
======
ryanmjacobs
I really want to try this, but I'm a little hesitant with the --privileged
flag. Sounds like this is pretty much giving root access to the container?
([https://stackoverflow.com/questions/36425230/privileged-
cont...](https://stackoverflow.com/questions/36425230/privileged-containers-
and-capabilities))

Could someone (or OP) enlighten me on what requires this flag? I thought the
container would also get access to the anbox kernel modules that I have
installed already.

~~~
mister_hn
But docker runs still with root privileges (or your user must be in the docker
group, which is equivalent to root - so is also in the official documentation
explained)

~~~
ryanmjacobs
Right I get that, it's because the docker daemon needs root access to do its
management stuff. But as far as running random "bad things" off docker hub, I
always assume it's going to be fenced off. Like by default, the containers
cannot read external files or open up host ports, etc. But with --privileged I
guess it can do anything.

I'm a big fan of people supplying pre-built docker images because it lets me
try out their software in what I assume to be a sandbox. I'm a little less
wary when it comes to docker -- almost to the point of being nonchalant,
running random images willy-nilly without digging into the source code even a
_tiny_ bit. Granted, that behavior is probably gonna bite me in the ass one
day. But it's definitely better than the `curl
[http://example.com](http://example.com) | bash -` and `sudo make install`
patterns.

Whenever I see someone's instructions telling me to use `docker
--network=host` or `docker --privileged`, I can't help but panic a little...
"Am I going to regret running this developer's code as root on my machine?" A
little justification from the OP eases my mind, that's all. Which he did :)

~~~
londons_explore
I think you're putting too much faith in the security of docker... It is only
superficially secure, and any real evil software can break out of it since the
attack surface is huuuge (every loaded kernel driver).

~~~
rtempaccount1
Docker has a number of security layers that can make breakout more
challenging, specifically dropped capabilities, a seccomp filter and (on
debian/ubuntu) an AppArmor profile installed.

I wouldn't agree that it's trivially possible to breakout of a default
configured Docker container, not every attacker is packing a Linux Privesc
0-day and the knowledge to use it.

------
nhoughto
Could this be used to test android apps in CI? Where traditionally you run up
against nested virt problems (in aws).

Not mentioned as a purpose..

~~~
inez_k
That was my first thought. Very curious to find out how it would compare to
Testlab virtual machines.

~~~
AkihiroSuda
I haven't tested, but if UI automator stuff works with Anbox, it should work
with aind as well.

I can add it to the scope of the project if it works.

------
devit
What's the advantage compared to just using Anbox?

~~~
AkihiroSuda
Anbox is for desktop, aind is for cloud (and edge).

The biggest advantage of running Android on cloud/edge I think is anti-theft.

Also, it will be soon able to run multiple aind pods on Kubernetes with
distinct UID mappings. (I need to submit patches to Anbox upstream)

~~~
chii
> The biggest advantage of running Android on cloud/edge I think is anti-
> theft.

what is this anti-theft? What's being stolen?

~~~
severine
Maybe:

Someone steals your smartphone now -> they've got everything , and a
smartphone

vs

Someone steals your _clouded_ smartphone -> they've got an empty smartphone
and no data.

~~~
packetlost
This is a very, very, very bad idea. Just encrypt your phone with a strong
passcode and backup regularly. Making your phone entirely dependent on a
strong internet connection is a recipe for a bad time.

~~~
AkihiroSuda
I agree that the phone should be encrypted (in conjunction with aind), but
people are likely to set weak passcode like "1234" (or finger pattern) because
they want to open email/phone/twitter/maps/payment apps in a few seconds.

aind is expected to be used only for sensitive apps, with more strong
passcode.

