Phelodas

Reputation: 4183

Is Volume in Docker a security hole?

If we expose a host directory using 'volume' in a docker container, is that considered a security back door?

Upvotes: 3

Views: 4312

Answers (2)

Andy

Reputation: 38257

Anyone who can run a container on your system and mount a volume can do anything root can do. The simplest way to accomplish this is to mount / inside the container, so then as root in the container you can change any file on the host.

But I would not consider that a security back door any more than I would consider sudo a security back door.

A couple of good places to review docker security are:

Upvotes: 4
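An added example, not part of either answer: a defender-side audit that reads `docker inspect` JSON and flags bind mounts of the host root, other sensitive host paths, or the Docker socket, which is the exposure Andy's answer describes. The path list, severity labels and sample data are assumptions made for this example.

```python
import json
from pathlib import PurePosixPath

# Host paths that hand over control of the host when exposed to a container.
# Illustrative list chosen for this example, not exhaustive.
SENSITIVE = ("/etc", "/root", "/boot", "/proc", "/sys", "/var/lib/docker")
DOCKER_SOCKETS = ("/var/run/docker.sock", "/run/docker.sock")

def overlaps(src, sensitive):
    """True if src is the sensitive path, lies inside it, or contains it."""
    s, p = PurePosixPath(src), PurePosixPath(sensitive)
    return s == p or p in s.parents or s in p.parents

def assess_mount(mount):
    """Return (severity, reason) for one "Mounts" entry, or None if not flagged."""
    if mount.get("Type") != "bind":
        return None  # named volumes and tmpfs do not map an arbitrary host path
    src, rw = mount.get("Source", ""), mount.get("RW", True)
    if src in DOCKER_SOCKETS:
        # A read-only bind does not stop a process from connecting to the socket.
        return ("critical", "Docker socket exposed (grants control of the daemon)")
    if src == "/":
        return ("critical" if rw else "high", "host root filesystem mounted")
    for path in SENSITIVE:
        if overlaps(src, path):
            return ("high" if rw else "medium", f"{src} overlaps sensitive path {path}")
    return None

def audit(inspect_json):
    """Audit the JSON array printed by `docker inspect`; return a list of findings."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        for mount in container.get("Mounts", []):
            result = assess_mount(mount)
            if result:
                findings.append((name, mount.get("Destination"), *result))
    return findings

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = json.dumps([
    {"Name": "/web", "Mounts": [
        {"Type": "bind", "Source": "/srv/app/data", "Destination": "/data", "RW": True},
        {"Type": "volume", "Source": "/var/lib/docker/volumes/c/_data", "Destination": "/c", "RW": True}]},
    {"Name": "/backup", "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/host", "RW": False}]},
    {"Name": "/ci", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": False},
        {"Type": "bind", "Source": "/etc/nginx", "Destination": "/etc/nginx", "RW": True}]}])

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On a live host the same function can be fed the output of `docker inspect $(docker ps -q)` in place of the constructed sample.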

L0j1k

Reputation: 12635

It is not considered a security back door. Any volumes from the host machine exposed to the docker container should abide by the permissions suitable for your execution environment, but there isn't a way for example to traverse directories and expose /etc/passwd or things of this nature. At the end of the day, your container exists as data on the host machine anyways (in /var/lib/docker -- check for yourself). If you have more specific worries, update your question and I'll address them, but as is no, this is not considered a security backdoor.

Upvotes: 2
