docker/mariadb/mariadb_sudoers · 55e4b54e23e96f0baae0fc49817a25152843d36c · Very Demiurge Very Mindful / Kolla Ansible

"...kolla-ansible.git" did not exist on "b695c5d89ede6ffcc3fad48179ef88bd2a15d6fb"

9 years ago

Drop root privileges for mariadb · 4c9e15b9

Steven Dake authored 9 years ago

Drop root privileges for mariadb.  This isn't perfect.  If somemone
breaks out of the container and can run sudo within the contianer,
it would be possible to replace the root credentials of the database.

Any container that uses sudo suffers from some extra attack vector
related to the sudo command.  That said, the sudo commands are
locked down to minimize harm.

Change-Id: I4b3573725d940bb8aa90d43a6235d8cf7d30fc64
Partially-Implements: blueprint drop-root

4c9e15b9

History

Drop root privileges for mariadb

Steven Dake authored 9 years ago

Drop root privileges for mariadb.  This isn't perfect.  If somemone
breaks out of the container and can run sudo within the contianer,
it would be possible to replace the root credentials of the database.

Any container that uses sudo suffers from some extra attack vector
related to the sudo command.  That said, the sudo commands are
locked down to minimize harm.

Change-Id: I4b3573725d940bb8aa90d43a6235d8cf7d30fc64
Partially-Implements: blueprint drop-root