78

Quadlets might make me finally stop using docker-compose(major.io)

posted
by
Avatar
rglullis@communick.news
in
Avatar
selfhosted@lemmy.world
54 comments
hidereport
Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
hottari@lemmy.ml
6 points

Podman might have a “more secure” design but you can run the docker daemon as rootless. Podman itself is not immune to vulnerabilities and will not solve all your security problems.

permalink
report
parent
reply
Avatar
Dandroid@dandroid.app
12 points

Don’t let perfection be the enemy of good. Security is not all or nothing. Reducing the attack surface is still important.

Can you elaborate on running docker daemon as rootless? It’s my understanding that you can add your account to a group to access the docker daemon rootless, but the containers are still running as root, as the daemon itself raises the access to root.

permalink
report
parent
reply
Avatar
icedterminal@lemmy.world
2 points

but the containers are still running as root, as the daemon itself raises the access to root.

No. The daemon can run without root, as such the containers don’t have root. My docker install doesn’t have root access. None of my stacks / containers need any root access tbh. I don’t have any troubles with deplyong stuff.

https://docs.docker.com/engine/security/rootless/

permalink
report
parent
reply
Avatar
hottari@lemmy.ml
-4 points

Not sure relying on podman alone as a security tool might be advisable. Podman is a container technology first, security is not the main goal.

Read more about rootless docker here.

permalink
report
parent
reply
Avatar
Dandroid@dandroid.app
7 points

I never said I was relying on it alone. Not sure why you think that.

That’s a great link. Thank you for sharing. It’s good that docker supports this functionality now.

permalink
report
parent
reply
Show more comments

Selfhosted

!selfhosted@lemmy.world

Create post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

Community stats

  • 5.1K

    Monthly active users

  • 3.6K

    Posts

  • 81K

    Comments

Community moderators