Hello there, docker noob here.

I am running a docker container (used by me and me only) on a shared ssh server. Recently, I needed to install a new package through pip, and noticed the following warning:

WARNING: Running pip as the ‘root’ user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead

Now: I don’t care about the container itself since it gets destroyed once I’m done with it anyway (I use docker run (…) --rm), but I’m concerned about the host machine. As far as I know, containers are supposed to be 100% isolated, meaning that in case of any “conflicting behaviour with the system package manager”, they will affect at most the container’s and not the host’s. Correct? Does that mean that I can safely ignore the message? Anything else I should be mindful of with respect to the host machine (and the other users of that machine)?

Sorry for the stupid question, but I am a docker noob. Many thanks in advance.

Don’t be. The “mount namespace” is the only one that Docker containers always get their own. The mount namespace is basically a “chroot” if you know about that term. As long as you don’t mount a system folder from the host to a system folder in the container, the container can’t break the filesystem of the host.

Well, I wouldn’t say 100%, but enough. You can still see the host hardware. Every process is running “on the host”, it’s just the process inside the container that “thinks” otherwise.