add: best practice for security when sharing host directories.

Closes and carries PR #15210 Updating with Seb's comment Signed-off-by: Mary Anthony <mary@docker.com>
2022-11-09 12:21:53 -05:00 · 2015-07-31 16:26:40 -05:00 · 2015-07-31 16:26:40 -05:00 · b0fd4f882f
commit b0fd4f882f
parent 96974170f8
1 changed files with 10 additions and 0 deletions
--- a/docs/userguide/dockervolumes.md
+++ b/docs/userguide/dockervolumes.md
@ -141,11 +141,21 @@ $ docker run -d -P --name web -v /src/webapp:/opt/webapp:ro training/webapp pyth
 Here we've mounted the same `/src/webapp` directory but we've added the `ro`
 option to specify that the mount should be read-only.

+Because of [limitations in the `mount`
+function](http://lists.linuxfoundation.org/pipermail/containers/2015-April/
+035788.html), moving subdirectories within the host's source directory can give
+access from the container to the host's file system. This requires a malicious
+user on the host with root access or with access to the Docker socket. Access to
+the Docker socket is equivalent to being privileged/root on the host. If your
+systems defines a `docker` group, be aware all its members have the necessary
+privileges to exploit this.
+
 >**Note**: The host directory is, by its nature, host-dependent. For this
 >reason, you can't mount a host directory from `Dockerfile` because built images
 >should be portable. A host directory wouldn't be available on all potential
 >hosts.

+
 ### Mount a host file as a data volume

 The `-v` flag can also be used to mount a single file  - instead of *just*