

Docker 0.5.2 Released - Security Update - kstaken
https://groups.google.com/forum/?fromgroups#!topic/docker-club/7j9quGgOtZQ

======
crashoverdrive
is this chroot or root, because, in my experience, don't you NOT want apps
running as root? I suppose with containers having sub-level access it would be
a difficult decision to choose which was more secure, giving docker full
access to everything, or it not having control. It's a shame that its such a
difficult place to change it, or that you can't select it at install.

~~~
shykes
Docker itself requires root privileges to place processes in different
namespaces, manipulate their control groups etc.

However, you can very easily drop the privileges of the application running
inside each container, with "docker run -u <USER>". This is definitely
recommended for several use cases, for example running untrusted code on
shared hardware.

