Docker does by default - it only works if you use sudo. But the docs tell you to add yourself to the docker group (which requires sudo to do). Then running docker doesn’t require sudo anymore.
Yeah, that’s a terrible decision in the docs. Don’t ever add a path where anything on the shell can execute user-modifyable code as root.
As soon as you do that, you lose any protection that comes from separating root users and non-root users. Because now any malicious program can just use docker to elevate its code to root.
Docker does by default - it only works if you use sudo. But the docs tell you to add yourself to the docker group (which requires sudo to do). Then running docker doesn’t require sudo anymore.
Yeah, that’s a terrible decision in the docs. Don’t ever add a path where anything on the shell can execute user-modifyable code as root.
As soon as you do that, you lose any protection that comes from separating root users and non-root users. Because now any malicious program can just use docker to elevate its code to root.