Docker Community Forums

Share and learn in the Docker community.

Major security issue

There is a major security issue with docker.
If you run a container with a local directory mounted, the container creates files with rue root access on the client machine.

Try the following:
mkdir Work
docker run -it --rm -v $PWD/Work:/opt/Work centos /bin/bash
cd /opt/Work
mknod sda1 b 8 1
chmod 666 sda1
control-D
Do anything you like to Work/sda1

This is pretty much expected behaviour.

If you don’t want that:

Above all things, please understand that access to the Docker engine API is always the equivalent of root access to the host itself. Please separate concerns: access to the engine is one thing, what the container can do is another thing.