399224 (9)
#1
For all intents and purposes, this container has root privileges on the docker engine host. You should warn users of the implications of that. You probably should also cite CenturyLinkLabs's image-visualization container, too.

http://reventlov.com/advisories/using-the-docker-command-to-root-the-host

aidanhs (25)
#2
Hi

In that particular case, the image is generated by an automated build of https://github.com/docker-in-practice/docker-image-graph so is relatively easy to inspect (and, that aside, we hope you trust the authors to some extent!).

There are a number of techniques throughout the book which require mounting the Docker socket and a warning for each would quickly get tiresome for a reader, but I agree that we could do better. There's a warning just inside technique 1, so I'll flesh that out a little to make it clear that the insecurity applies to containers as well. I'll also tweak the intro to technique 33 as well.

I'll add an acknowledgement of CenturyLinkLabs since our image is based on theirs.

Thanks for your feedback!

Aidan

399224 (9)
#3
Not intended to impugn the authors' characters. You have to at least also trust that their GitHub and Docker Hub credentials are secure to legitimately trust this recipe.
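
An added example, not part of the original thread or the book's code: a small audit over `docker inspect` JSON that lists containers which bind-mount the Docker socket discussed above, directly or through a parent directory. The container names and sample JSON are constructed, and the socket path is assumed to be the Linux default `/var/run/docker.sock`.

```python
import json
from pathlib import PurePosixPath

# Assumption: default Docker Engine socket location on a Linux host.
# /run is the usual symlink target of /var/run, so both spellings are checked.
SOCK_PATHS = {PurePosixPath("/var/run/docker.sock"), PurePosixPath("/run/docker.sock")}


def exposes_socket(source: str) -> bool:
    """True if a bind-mount source is the socket or a directory containing it."""
    src = PurePosixPath(source)
    return any(src == s or src in s.parents for s in SOCK_PATHS)


def audit(inspect_json: str) -> dict:
    """Map container name -> findings, given `docker inspect` JSON output."""
    findings = {}
    for c in json.loads(inspect_json):
        issues = []
        for m in c.get("Mounts", []):
            if m.get("Type") == "bind" and exposes_socket(m.get("Source", "")):
                # A read-only mount does not stop API calls over the socket,
                # so "ro" mounts are reported as well.
                mode = "rw" if m.get("RW", True) else "ro"
                issues.append(f"{m['Source']} -> {m.get('Destination')} ({mode})")
        if issues:
            findings[c.get("Name", "?").lstrip("/")] = issues
    return findings


# Constructed sample, shaped like `docker inspect $(docker ps -q)` output.
SAMPLE = json.dumps([
    {"Name": "/graph", "Mounts": [{"Type": "bind", "RW": True,
      "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}]},
    {"Name": "/web", "Mounts": [{"Type": "bind", "RW": True,
      "Source": "/srv/www", "Destination": "/usr/share/nginx/html"}]},
    {"Name": "/agent", "Mounts": [{"Type": "bind", "RW": False,
      "Source": "/var/run", "Destination": "/host/run"}]},
])

if __name__ == "__main__":
    for name, issues in audit(SAMPLE).items():
        for issue in issues:
            print(f"{name}: host Docker socket reachable via {issue}")
```
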