Comment by ashishb
6 days ago
Right now, not. Eventually, they will.
You can pass your favorite rootless Docker image using the `--custom-docker-image` CLI parameter.
6 days ago
> Right now, not. Eventually, they will.
> You can pass your favorite rootless Docker image using the `--custom-docker-image` CLI parameter.
I hope you see the (IMO, obvious) problem.
1. Docker (or any Linux container runtime, for that matter) is not intended for, designed for, or effective as a security boundary.
2. Root containers run as root on the host. The "sandboxed" processes have full capabilities, as far as the kernel is concerned with them.
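An added example, not code from either commenter or from the project: one way to check the second point for a given container process, by reading its `/proc/<pid>/uid_map` and the `CapEff` line of `/proc/<pid>/status` from the host. The function names are hypothetical and both sample inputs are constructed.

```python
# Added example; sample /proc contents below are constructed, not captured.
HIGH_RISK_CAPS = {  # bit numbers from linux/capability.h
    1: "CAP_DAC_OVERRIDE", 12: "CAP_NET_ADMIN", 16: "CAP_SYS_MODULE",
    17: "CAP_SYS_RAWIO", 19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN",
}

def host_uid_for(uid_map_text, inside_uid=0):
    """Translate a uid inside the namespace to the uid the host sees.

    Each uid_map line is '<inside-start> <outside-start> <length>'.
    Returns None when the uid has no mapping.
    """
    for line in uid_map_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        inside, outside, length = (int(f) for f in fields)
        if inside <= inside_uid < inside + length:
            return outside + (inside_uid - inside)
    return None

def effective_caps(status_text):
    """Return the names of high-risk capabilities set in the CapEff mask."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)
            return sorted(n for bit, n in HIGH_RISK_CAPS.items() if mask >> bit & 1)
    raise ValueError("no CapEff line in status text")

def assess(uid_map_text, status_text):
    """Summarise whether in-container root is host root and which caps it holds."""
    host_uid = host_uid_for(uid_map_text)
    return {"host_uid": host_uid, "root_on_host": host_uid == 0,
            "high_risk_caps": effective_caps(status_text)}

# Constructed sample 1: no user-namespace remapping, full capability mask.
ROOTFUL = ("0 0 4294967295\n", "Name:\tsh\nCapEff:\t000001ffffffffff\n")
# Constructed sample 2: uid 0 remapped to an unprivileged host range, reduced mask.
REMAPPED = ("0 100000 65536\n", "Name:\tsh\nCapEff:\t00000000a80425fb\n")

if __name__ == "__main__":
    for name, (uid_map, status) in (("rootful", ROOTFUL), ("remapped", REMAPPED)):
        print(name, assess(uid_map, status))
```

An identity mapping (`0 0 ...`) means uid 0 in the container is uid 0 to the kernel; a remapped range means it is an unprivileged uid on the host.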