
They run as root by default.

Simply using the "USER <uid/uname>" directive means you run as a non-root user with a specified UID. Kubernetes recommends doing that as a baseline security measure. You can also drop caps from a container so even if you are root inside, you can't do a lot of things root can.
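
The two measures from the comment above, shown as Kubernetes Pod manifests with the default next to the hardened form. This is an added example, not part of the original comment; the image name, pod names and UID 10001 are placeholders.

```yaml
# Constructed example. Assumes the image was built from a Dockerfile that
# contains the line:  USER 10001
---
# Default: no securityContext. The container runs as whatever user the image
# specifies (root when the Dockerfile has no USER line) and keeps the
# container runtime's default capability set.
apiVersion: v1
kind: Pod
metadata:
  name: app-default
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0
---
# Hardened: non-root is enforced by the cluster, not only by the image,
# and all Linux capabilities are dropped.
apiVersion: v1
kind: Pod
metadata:
  name: app-hardened
spec:
  securityContext:
    runAsNonRoot: true      # kubelet refuses to start a container that would run as UID 0
    runAsUser: 10001        # overrides the image's USER; keep it numeric
    runAsGroup: 10001
  containers:
    - name: app
      image: registry.example.com/app:1.0
      securityContext:
        allowPrivilegeEscalation: false   # setuid binaries cannot regain privileges
        capabilities:
          drop: ["ALL"]                   # add back individual caps only if the app needs them
```

With `runAsNonRoot: true`, an image whose `USER` is a name rather than a numeric UID cannot be verified as non-root by the kubelet, so either use a numeric `USER` in the Dockerfile or set `runAsUser` as shown.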


