Docker Community Forums


Container seems to be ignoring filesystem access control

(Kocha) #1

I’m running docker 1.12.2 on Ubuntu 16.04. When I run the following steps, it appears that I am able to write a file in /, even though I am not running as root and have no permissions to write to /.

$ docker run --rm -it -u 1000:1000 centos /bin/bash
$ id
uid=1000 gid=1000 groups=1000
$ ls -ld /
drwxr-xr-x 22 root root 4096 Oct 24 16:42 /
$ ls /asdf
ls: cannot access /asdf: No such file or directory
$ touch /asdf
$ ls /asdf

This isn’t limited just to the / directory. I can also write to many other system locations within the container (/bin, /sbin, etc.). I’m also able to write to host mounted volumes from within the container regardless of the permissions there as well.

Am I misunderstanding something about how the “-u” option is supposed to work, or is this a bug?
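A diagnostic worth running before calling this a bug, added here as an example and not part of the original post or of Docker's own tooling: the behaviour shown above (a non-root uid writing into a root-owned, mode 755 directory) is exactly what CAP_DAC_OVERRIDE grants, since that capability bypasses discretionary permission checks on files. So the question to answer first is whether the uid 1000 process inside the container still holds that capability in its effective set. The script below reads the CapEff mask from /proc/self/status and decodes the file-access capabilities (numbers from capabilities(7)). The mask 00000000a80425fb used in the comments is a constructed sample equal to Docker's default capability set; the filename caps.sh in the usage line is an assumption.

```shell
#!/bin/sh
# Added example: decode the effective capability set of the current process
# and report whether CAP_DAC_OVERRIDE is held. POSIX sh, no external tools
# beyond awk and id. Save as caps.sh (assumed name) and run inside the
# container with the same -u as in the post:
#   docker run --rm -it -u 1000:1000 centos /bin/sh -c "$(cat caps.sh); check_self"

# Capability numbers from capabilities(7) / linux/capability.h.
CAP_CHOWN=0
CAP_DAC_OVERRIDE=1      # bypasses read/write/execute permission checks on files
CAP_DAC_READ_SEARCH=2
CAP_FOWNER=3
CAP_FSETID=4

# cap_has HEXMASK CAPNUM -> exit 0 if bit CAPNUM is set in the 64-bit mask.
# HEXMASK is the bare hex string as printed in /proc/<pid>/status.
cap_has() {
    mask=$1
    bit=$2
    [ $(( (0x$mask >> bit) & 1 )) -eq 1 ]
}

# cap_decode HEXMASK -> prints the file-access capabilities present in the mask,
# space separated, in capability-number order (only the five that matter here).
cap_decode() {
    mask=$1
    out=""
    for entry in 0:CAP_CHOWN 1:CAP_DAC_OVERRIDE 2:CAP_DAC_READ_SEARCH 3:CAP_FOWNER 4:CAP_FSETID; do
        bit=${entry%%:*}
        name=${entry#*:}
        if cap_has "$mask" "$bit"; then
            out="${out:+$out }$name"
        fi
    done
    printf '%s\n' "$out"
}

# cap_eff_of [PID] -> prints the CapEff hex mask of PID (default: the caller).
cap_eff_of() {
    awk '/^CapEff:/ { print $2 }' "/proc/${1:-self}/status"
}

# check_self -> prints a verdict; returns 1 if CAP_DAC_OVERRIDE is effective,
# because then "touch /asdf" as uid 1000 succeeding is expected, not a bug in -u.
check_self() {
    eff=$(cap_eff_of self)
    if cap_has "$eff" "$CAP_DAC_OVERRIDE"; then
        echo "uid $(id -u): CapEff=$eff holds $(cap_decode "$eff")"
        echo "CAP_DAC_OVERRIDE is effective: DAC checks are bypassed, writes to / will succeed"
        return 1
    fi
    echo "uid $(id -u): CapEff=$eff (file-access caps: '$(cap_decode "$eff")')"
    echo "no CAP_DAC_OVERRIDE: writes to root-owned directories should be denied"
    return 0
}

# Sample (constructed): Docker's default capability set decodes to
# CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID, i.e. bit 2 is absent.
#   cap_decode 00000000a80425fb
```

If CapEff inside the container is non-zero for uid 1000, the explanation is that the capability set was not dropped when the process switched to the requested uid; if CapEff is zero and the write still succeeds, look at how the filesystem is mounted (for example the host volume) rather than at -u. Compare against the same check on the host with a normal user, where CapEff is 0000000000000000.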