Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] sandboxing web browsers



On 6/21/2015 10:38 PM, Tom Metro wrote:
> The Docker daemon runs as root. If the non-privileged user starting FF
> is put in the docker group and allowed to start any container, then yes,
> they have root. If instead a SetUID script or sudo rule is used to
> launch a specific container, which does not launch a root shell, then
> the resulting container and FF process won't have root privileges.

Docker requires root to initialize containers. It's how Docker was 
designed. It's a known design flaw and the Docker folks have gone on 
record stating that they don't intend to fix it. So, if you're going to 
let me start Docker containers then I will be able to elevate myself to 
root on the host. The only way to stop me is not to let me start Docker 
containers at all.


>> Docker does not work "perfectly well" in the first place in my experience.
>
> That may very well be your experience. But some of us use it daily and
> find that it does the intended job.

FSVO "intended". My experience is that developers have been using Docker 
to rationalize piss-poor deployment practices. It doesn't matter to them 
if their run time environments are utter hell for users to recreate, 
just put it all in a container and copy the hell everywhere.

One most egregious example that I've had to deal with, a project called 
ShareLaTeX, their environments are so bad that their containers are the 
only supported way of deploying. So bad that their containers don't work 
outside of their own environments.

-- 
Rich P.
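
The two access paths debated in this message (membership of the docker group, and a sudo rule that launches a specific container) can both be audited on a host. The following is an added example, not part of the original post: the sample group file, the sudoers rules and the container name ff-sandbox are constructed, and the parser assumes one rule per line with no aliases or line continuations.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Sample files below are constructed.

# Members of the "docker" group in a group(5)-format file, one per line.
docker_group_members() {
    awk -F: '$1 == "docker" && $4 != "" {
        n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Classify sudoers rules that name the docker binary. Per sudoers(5), a
# command listed without arguments may be run with any arguments.
# Simplification: one rule per line, no aliases or line continuations.
classify_docker_sudo_rules() {
    awk '
        /^[ \t]*#/ || index($0, "=") == 0 { next }
        {
            who = $1; spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)        # drop "user host ="
            sub(/^\([^)]*\)[ \t]*/, "", spec)     # drop "(runas)"
            sub(/[ \t]+$/, "", spec)
            nc = split(spec, cmds, /[ \t]*,[ \t]*/)
            for (c = 1; c <= nc; c++) {
                cmd = cmds[c]
                while (sub(/^[A-Z_]+:[ \t]*/, "", cmd)) ;   # drop tags (NOPASSWD:)
                n = split(cmd, f, /[ \t]+/)
                if (f[1] !~ /\/docker$/) continue
                if (n == 1)            print "UNRESTRICTED", who
                else if (cmd ~ /[*?]/) print "WILDCARD", who
                else                   print "PINNED", who
            }
        }' "$1"
}

SAMPLE_DIR=$(mktemp -d)
SAMPLE_GROUP=$SAMPLE_DIR/group
SAMPLE_SUDOERS=$SAMPLE_DIR/sudoers
printf '%s\n' 'root:x:0:' 'docker:x:998:alice,bob' > "$SAMPLE_GROUP"
cat > "$SAMPLE_SUDOERS" <<'EOF'
# constructed rules; "ff-sandbox" is a made-up container name
carol ALL=(root) NOPASSWD: /usr/bin/docker
dave  ALL=(root) NOPASSWD: /usr/bin/docker start ff-sandbox
erin  ALL=(root) /usr/bin/docker run *
EOF

echo "docker group members:"; docker_group_members "$SAMPLE_GROUP"
echo "sudo rules for docker:"; classify_docker_sudo_rules "$SAMPLE_SUDOERS"
```

On a real host, point the functions at a saved copy of `getent group docker` output and at the sudoers files. Every group member and every UNRESTRICTED or WILDCARD rule is an account that can ask the root-owned daemon to start containers of its choosing.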



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org