On 01/06/2017 09:43 AM, Trishna Guha wrote:
> On Fri, Jan 6, 2017 at 7:47 PM, Daniel J Walsh dwalsh@redhat.com wrote:
>> Make sure that you point out that ANY process on the client that can access the TLS certs now has FULL root on the server and can do anything it wants on it.
> Sure, I will mention it. Thanks. Another point that would be useful to add is that we will want to give access to the Docker daemon of the server only to the specific client host that can be trusted.
Yes. BTW, docker never accepted higher-level Authorization so that we could do better access controls. They believe this should be handled at the Orchestration level; Kubernetes/OpenShift handle Role-Based Access Control, without having to expose docker remote socket access.