Updating with SEb's comments

Signed-off-by: Mary Anthony <mary@docker.com>
Mary Anthony 2015-08-31 09:54:15 -07:00
parent b0fd4f882f
commit 95495d20be
1 changed files with 1 additions and 4 deletions

@ -145,10 +145,7 @@ Because of [limitations in the `mount`
function](http://lists.linuxfoundation.org/pipermail/containers/2015-April/ function](http://lists.linuxfoundation.org/pipermail/containers/2015-April/
035788.html), moving subdirectories within the host's source directory can give 035788.html), moving subdirectories within the host's source directory can give
access from the container to the host's file system. This requires a malicious access from the container to the host's file system. This requires a malicious
user on the host with root access or with access to the Docker socket. Access to user with access to the mounted directory on the host.
the Docker socket is equivalent to being privileged/root on the host. If your
systems defines a `docker` group, be aware all its members have the necessary
privileges to exploit this.
>**Note**: The host directory is, by its nature, host-dependent. For this >**Note**: The host directory is, by its nature, host-dependent. For this
>reason, you can't mount a host directory from `Dockerfile` because built images >reason, you can't mount a host directory from `Dockerfile` because built images
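
Review bot: The new wording "user with access to the mounted directory on the host" does not say what kind of access is needed, and the same edit removes the only statement in this paragraph that Docker socket access is equivalent to root on the host and that every member of a `docker` group has it. Since the issue is triggered by moving subdirectories within the source directory, consider saying "a malicious user who can move or rename directories inside the mounted directory on the host" so readers do not take read-only access to be enough. The socket and `docker` group warning is still useful to operators; if it is dropped here because it is not specific to this mount issue, keep it in or link to the section of the docs that covers daemon access so it is not lost.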