Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

does the docker:dind-rootless have to run with --privileged? #291

Closed
gyh9457 opened this issue Feb 1, 2021 · 4 comments
Closed

does the docker:dind-rootless have to run with --privileged? #291

gyh9457 opened this issue Feb 1, 2021 · 4 comments
Labels
question Usability question, not directly related to an error with the image

Comments

@gyh9457
Copy link

gyh9457 commented Feb 1, 2021

I do not want to run with --privileged, but i get an error : [rootlesskit:parent] error: failed to start the child: fork/exec /proc/self/exe: operation not permitted
@wglambert wglambert added the question Usability question, not directly related to an error with the image label Feb 1, 2021
@wglambert
Copy link

You still need --privileged #151 (comment)

You'll also want the command set to --experimental for dockerd#281 (comment)

Like docker run -it --rm --privileged docker:dind-rootless --experimental

@gyh9457
Copy link
Author

gyh9457 commented Feb 2, 2021

thanks @wglambert

@gyh9457 gyh9457 closed this as completed Feb 2, 2021
This was referenced Mar 4, 2021
Closed
Merged
@mo-saeed
Copy link

mo-saeed commented Mar 5, 2021
edited
Loading

@wglambert Perfect thank you, it works :)

I just have one question, running the container here as privileged expose the same risk as any other containers running as privileged or this is different? I just want to understand the risk here.

@wglambert
Copy link

wglambert commented Mar 5, 2021
edited
Loading

Yeah it's essentially the same risk. Maybe a little bit minimized since rootlesskit provides a layer of security, but --privileged by nature gives the container all the capabilities as the host https://containerjournal.com/topics/container-security/why-running-a-privileged-container-is-not-a-good-idea/

In the future questions like this should be asked over at the Docker Community Forums, Docker Community Slack, or Stack Overflow. Since these repos aren't really a user-help forum

@mumoshu mumoshu mentioned this issue Jul 19, 2022
Merged
@sebthom sebthom mentioned this issue May 27, 2023
Closed
@ochorocho ochorocho mentioned this issue Jul 8, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Usability question, not directly related to an error with the image
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gyh9457 @wglambert @mo-saeed