Improved Docker Security: Run Docker w/o Root Privileges

With user namespaces, privileges for the Docker daemon and container are handled separately, so each container can receive its own user-level privileges. Containers do not need root access on the host, although the Docker daemon still does.

However, Nathan McCauley, director of security at Docker, clarified in an email that user namespaces are currently available only for Linux. "Windows has its own isolation features that we'll integrate with Docker," he wrote. "On every platform we'll aim to support every isolation feature."
