From f3765f96cfb37f6ea9f925f0d3174fe18c4152be Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 20 Mar 2014 09:08:52 +1000 Subject: [PATCH] add a link to the security documentation when we mention the docker group (or -G) Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/articles/security.rst | 2 ++ docs/sources/installation/binaries.rst | 3 ++- docs/sources/installation/ubuntulinux.rst | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/sources/articles/security.rst b/docs/sources/articles/security.rst index e738e9a847..ec2ab9bffd 100644 --- a/docs/sources/articles/security.rst +++ b/docs/sources/articles/security.rst @@ -82,6 +82,8 @@ when some applications start to misbehave. Control Groups have been around for a while as well: the code was started in 2006, and initially merged in kernel 2.6.24. +.. _dockersecurity_daemon: + Docker Daemon Attack Surface ---------------------------- diff --git a/docs/sources/installation/binaries.rst b/docs/sources/installation/binaries.rst index bfdfbe211f..a070599338 100644 --- a/docs/sources/installation/binaries.rst +++ b/docs/sources/installation/binaries.rst @@ -77,7 +77,8 @@ always run as the root user, but if you run the ``docker`` client as a user in the *docker* group then you don't need to add ``sudo`` to all the client commands. -.. warning:: The *docker* group is root-equivalent. +.. warning:: The *docker* group (or the group specified with ``-G``) is + root-equivalent; see :ref:`dockersecurity_daemon` details. Upgrades diff --git a/docs/sources/installation/ubuntulinux.rst b/docs/sources/installation/ubuntulinux.rst index 6998be8571..776090bff5 100644 --- a/docs/sources/installation/ubuntulinux.rst +++ b/docs/sources/installation/ubuntulinux.rst @@ -186,7 +186,7 @@ client commands. As of 0.9.0, you can specify that a group other than ``docker`` should own the Unix socket with the ``-G`` option. .. warning:: The *docker* group (or the group specified with ``-G``) is - root-equivalent. + root-equivalent; see :ref:`dockersecurity_daemon` details. **Example:**