i am groot takeaway... #23
Comments
|
I agree @adespain. That is definitely a much more accurate takeaway. The inspiration for this particular challenge was these tweet: In MacOS docker itself runs in a VM, only passing in volume mounts. In other environments it runs differently. |
|
Please submit an edit/pull request and I will accept it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@ThatJoeMoore and @zevlag The takeaway for i am groot mentioned in the walkthrough is to not run the docker daemon as root. However from what I have read the docker daemon has to run as root correct? this challenge gave us access to a user who was already in the docker group (which gives elevated permissions already). From the CIS standards I could only find this:
1.4 Ensure only trusted users are allowed to control Docker daemon
So the takeaway isn't to make sure the docker daemon doesn't run as root, but to carefully monitor all users who are in the docker group. Or am I reading it wrong?
The text was updated successfully, but these errors were encountered: