debianWIKI中提到docker的安全性问题,我没太明白,是不是说docker安装后需要做一些安全性设置才能用,否则会有很大的安全问题?
https://wiki.debian.org/Docker
Docker group membership is more dangerous than sudo
The Docker daemon has setUID root, and by design allows easy access as root to the host filesystem. This makes it trivial for a malicious user to read and alter sensitive system files, or for a careless user to allow a malicious containerized app to do so. Access to Docker commands effectively grants full root power.
Also, Docker doesn’t have any equivalent to sudo’s password check, which means that a successful arbitrary-code-execution exploit against a user who is in the docker group effectively grants the attacker root. Thus, the safer choice is to never add a user account — even your own — to the docker group, so that Docker commands can only be used via sudo.