
> There aren't really any advantages to using it for individual users.

Cheers, but this is not true.

Running a container without root privilege is a security advantage for users who run containers that (inevitably) contain vulnerabilities.




This is so true… also different users on the same machine can have their own podman daemon mimicking their own private docker daemon.

In some cases it can be useful to run different containers as different users.


Even more so if said containers contain Trojans.

Bit more secure than running directly, but if the container is broken out of, attacker directly gets root.


Adding to the parent's point. The docker hub is full of malware images and the docker devs could not care less. [1][2][3]

[1] https://www.bleepingcomputer.com/news/security/docker-hub-re...

[2] https://sysdig.com/blog/analysis-of-supply-chain-attacks-thr...

[3] https://www.bleepingcomputer.com/news/security/thousands-of-...


It's often the case with software "repositories". PyPI, npm, Maven... Security is expensive.

An organisation needs money, on-staff security professionals, and (of course) lawyers to explicitly commit to maintaining a package system.

Even MAAMAN (was FAANG) app stores have been exploited.

FYI your second link is broken or dead.


You have sudo though presumably, so there's not much difference between giving it access to your account and directly giving it root.



