[–] richo 11y ago ↗ * Add figure ALL=(ALL) NOPASSWD:ALL to sudoer file.This is cute. [–] sorpaas 11y ago ↗ That's for deleting apps, since docker volumes may produce something that only root can access. Haven't found ways to get around it, any suggestions? [–] lbradstreet 11y ago ↗ I assume you mean data outside the container?Maybe you could at least silo the utility that needs to delete so that it can easily be inspected and so you don't have to trust the whole program. [–] richo 11y ago ↗ Exactly. A setuid `delort-container` utility would be a good start.
[–] sorpaas 11y ago ↗ That's for deleting apps, since docker volumes may produce something that only root can access. Haven't found ways to get around it, any suggestions? [–] lbradstreet 11y ago ↗ I assume you mean data outside the container?Maybe you could at least silo the utility that needs to delete so that it can easily be inspected and so you don't have to trust the whole program. [–] richo 11y ago ↗ Exactly. A setuid `delort-container` utility would be a good start.
[–] lbradstreet 11y ago ↗ I assume you mean data outside the container?Maybe you could at least silo the utility that needs to delete so that it can easily be inspected and so you don't have to trust the whole program. [–] richo 11y ago ↗ Exactly. A setuid `delort-container` utility would be a good start.
[–] dreen 11y ago ↗ I initially thought someone made a server powered by electrolysis from a fig tree
[–] mikewhy 11y ago ↗ Nice, when I started using docker and came across fig I wondered how suitable it would be for production. Will check this out later.
6 comments
[ 4.5 ms ] story [ 25.2 ms ] threadThis is cute.
Maybe you could at least silo the utility that needs to delete so that it can easily be inspected and so you don't have to trust the whole program.