Hacker News new | past | comments | ask | show | jobs | submit login

Based on [1] it looks like you could gain root within the docker container. From there, you need a bit of luck to get root on the host [2].

[1] https://github.com/karlicoss/cloudmacs/blob/master/asEnvUser [2] https://security.stackexchange.com/a/153016

Within the Docker container, everything runs as root by default, since container can't know your UID in advance. Main reason for this script is to make sure mounted files are not written back as root.

Although a section explaining how to build container that runs as non-root user in the first place (even though it requires modifying Dockerfile, I think) would be useful, so I'll add it, thanks!

Yep, potential kernel/Docker bugs would let you escape the sandbox, but I guess that's the risk I'm accepting.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact