diff --git a/security/userns/README.md b/security/userns/README.md index 284a6f8..fc725c9 100644 --- a/security/userns/README.md +++ b/security/userns/README.md @@ -35,7 +35,6 @@ You must perform this step while logged in as the **ubuntu** user. root 8715 0.0 1.0 352332 38820 ? Ssl 12:56 0:01 /usr/bin/dockerd -H fd:// ubuntu 8896 0.0 0.0 8216 2188 pts/0 S+ 13:45 0:00 grep --color=auto dockerd - ``` The first line shows the Docker daemon (**dockerd**). The second line shows the `ps` command you just ran. The first column of the first line shows that the Docker daemon is running as **root**. @@ -48,12 +47,11 @@ You must perform this step while logged in as the **ubuntu** user. ubuntu@node:~$ sudo docker run --rm alpine id Unable to find image 'alpine:latest' locally -latest: Pulling from library/alpine -e110a4a17941: Pull complete -Digest: sha256:3dcdb92d7432d56604d4545cbd324b14e647b313626d99b889d0626de158f73a -Status: Downloaded newer image for alpine:latest -uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video) - + latest: Pulling from library/alpine + e110a4a17941: Pull complete + Digest: sha256:3dcdb92d7432d56604d4545cbd324b14e647b313626d99b889d0626de158f73a + Status: Downloaded newer image for alpine:latest + uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video) ``` The last line of the output above shows that the container is running as root - `uid=0(root)` and `gid=0(root)`. @@ -186,7 +184,6 @@ In this step you'll see how to implement user namespaces. rm: remove 'sh'? y rm: can't remove 'sh': Permission denied - ``` The operation fails with a permission denied error. This is because the file you are trying to delete exists in the local filesystem of the Docker Host and the container does not have root access outside of the namespace that it exists in.
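Review bot: in the second hunk (`@@ -48,12 +47,11 @@`) the re-added output lines (`+ latest: Pulling from library/alpine` through `+ uid=0(root) gid=0(root) ...`) now carry a leading space, while the two unchanged lines at the top of the same fence (`ubuntu@node:~$ sudo docker run --rm alpine id` and `Unable to find image 'alpine:latest' locally`) do not, so the rendered block will show the prompt and the first output line flush left and the remaining lines indented by one column. Either indent every line in the fence or drop the leading space from the re-added lines; if the indent is intentional (for a renderer that needs it), say so in the commit message. Removing the trailing blank line before the closing fence is consistent with the first and third hunks and is fine.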
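Review bot: the blank-line removal before the closing fence in the third hunk (`@@ -186,7 +184,6 @@`) is fine, but since the hunk already touches this block, the explanation that follows it ("the container does not have root access outside of the namespace that it exists in") would be clearer if it stated what the user namespace does here: root inside the container is mapped to an unprivileged uid on the host, so the host-owned `sh` file cannot be removed. That is exactly what the `rm: can't remove 'sh': Permission denied` line the reader has just seen demonstrates, and naming the uid mapping ties the output back to the step's purpose.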