I’m running docker 1.12.2 on Ubuntu 16.04. When I run the following steps, it appears that I am able to write a file in /, even though I am not running as root and have no permissions to write to /.
$ docker run --rm -it -u 1000:1000 centos /bin/bash
$ id
uid=1000 gid=1000 groups=1000
$ ls -ld /
drwxr-xr-x 22 root root 4096 Oct 24 16:42 /
$ ls /asdf
ls: cannot access /asdf: No such file or directory
$ touch /asdf
$ ls /asdf
/asdf
This isn’t limited just to the / directory. I can also write to many other system locations within the container (/bin, /sbin, etc.). I’m also able to write to host mounted volumes from within the container regardless of the permissions there as well.
Am I misunderstanding something about how the “-u” option is supposed to work, or is this a bug?