lirantal / dockly

Immersive terminal interface for managing docker containers and services

Home Page: https://lirantal.github.io/dockly/

Container Permissions

scollonp opened this issue

Expected Behavior

A logged in system user should only be able to delete/restart/stop containers that they create

Actual Behavior

A logged in system user who executes dockly can delete ANY container

Steps to Reproduce the Problem

  1. Create a docker container

  2. Change user and run dockly

  3. Delete the previous user's container!

Context

  • Operating System: Ubuntu 18.04 LTS
  • Node.js version (run node --version): v8.10.0
  • Package version: 3.10.5
  • Docker version (run docker --version): 18.09.4, build d14af54266
  • Is docker installed locally? Yes
  • Do you have containers created? Yes
  • Does this file exist: /var/run/docker.sock? Yes
  • Output of docker info:

Containers: 2
Running: 2
Paused: 0
Stopped: 0
Images: 2
Server Version: 18.09.4
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: active
NodeID: rx0gc7skzjhuelaokwnpg046n
Is Manager: true
ClusterID: y6nsgp3syry2yfzmltb2oth6r
Managers: 1
Nodes: 2
Default Address Pool: 10.0.0.0/8
SubnetSize: 24
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
Node Address: 10.108.150.11
Manager Addresses:
10.108.150.11:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-47-generic
Operating System: Ubuntu 18.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 24
Total Memory: 125.9GiB
Name: docker01
ID: HKRG:4J4I:T4F2:4GOB:3IZQ:AOMZ:O7VH:G3J4:IFTD:KP2P:O43T:REN5
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: No swap limit support

Thanks @scollonp for chiming in on this. An interesting question indeed!
I'm not entirely convinced we want to support that because I envision dockly as more of a self-productivity tool than something you'd run on a service shell.

Another thing is, you will see with dockly the same containers as you see when the user does docker ps on the CLI and have the same access. Or are you saying this is not the case?

Perhaps this is more a docker issue than a dockly issue. I'm testing different tools to present docker to students in class and was looking at dockly vs portainer, matching features. Portainer only lets users see and change the state of their OWN containers. I think I'll be using dockly on the admin side of things only, as you suggest.

Cool, thanks!
And... sounds awesome that you're teaching this in class ✨ Good luck!
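
Added example, not part of the original thread or of dockly's code: by default the Docker daemon does not record which user created a container, so any account that can write to /var/run/docker.sock has the same control over every container, whether through dockly or the docker CLI. The script below lists those accounts; the function names `socket_writers` and `demo` and the sample accounts are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: who can write to the Docker socket? Every account listed
# can stop, restart or delete any container on the host (root always can).

# socket_writers MODE OWNER GROUP GROUP_FILE PASSWD_FILE
# MODE is the octal permission string printed by `stat -c %a`, e.g. 660.
socket_writers() {
    perms=$(printf '%s' "$1" | sed 's/.*\(...\)$/\1/')   # keep rwx digits only
    owner=$2 group=$3 group_file=$4 passwd_file=$5
    u=$(printf '%s' "$perms" | cut -c1)
    g=$(printf '%s' "$perms" | cut -c2)
    o=$(printf '%s' "$perms" | cut -c3)
    {
        if [ $((o & 2)) -ne 0 ]; then echo 'ALL-LOCAL-USERS'; fi
        if [ $((u & 2)) -ne 0 ]; then echo "$owner"; fi
        if [ $((g & 2)) -ne 0 ]; then
            # Supplementary members: 4th field of the group entry.
            awk -F: -v grp="$group" '$1 == grp {
                n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }' "$group_file"
            # Accounts whose primary GID (4th passwd field) is this group.
            gid=$(awk -F: -v grp="$group" '$1 == grp { print $3 }' "$group_file")
            if [ -n "$gid" ]; then
                awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
            fi
        fi
    } | LC_ALL=C sort -u
}

# Constructed sample data (not from the issue): two students in the docker group.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'root:x:0:' 'docker:x:998:alice,bob' 'staff:x:50:carol' > "$tmp/group"
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'alice:x:1000:1000::/home/alice:/bin/sh' \
        'bob:x:1001:1001::/home/bob:/bin/sh' 'carol:x:1002:50::/home/carol:/bin/sh' \
        'ci:x:1003:998::/home/ci:/bin/sh' > "$tmp/passwd"
    socket_writers "${1:-660}" root docker "$tmp/group" "$tmp/passwd"
    rm -rf "$tmp"
}

sock=/var/run/docker.sock
if [ -S "$sock" ]; then
    # Live audit; `stat -c` is the GNU coreutils form found on Linux hosts.
    set -- $(stat -c '%a %U %G' "$sock")
    socket_writers "$1" "$2" "$3" /etc/group /etc/passwd
else
    demo
fi
```

On a shared class host, every name this prints is effectively a Docker administrator, which is why the per-user separation asked for above has to come from a layer in front of the daemon rather than from a client like dockly.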