Ever wanted to run Docker on an unmanned macOS machine, where all users could have access to a working Docker command-line?
First, be aware that Docker is not designed to be securely shared among multiple users. As with Linux, please assume that anyone who has access to Docker is effectively equivalent to `root`.
I wanted to get my feet wet with understanding Kaniko, an open-source in-cluster builder for Docker images. I happen to work with one of the maintainers, Tejal, and I asked her if there were any interesting UNIX-internals sort of bugs that might be interesting.
Here's the mystery issue: “The USER command does not set the correct gids, so extra groups are dropped”. Here's an example to reproduce it: