security: default fresh installs to rootless Docker
Containers now run unprivileged by default — a container breakout maps to a sub-UID, not host root. Rooted remains available as a legacy opt-in. Existing installs keep their current mode (config reconciliation is add-only); fresh installs get rootless. The rootless path already handles unprivileged ports (ip_unprivileged_port_start=0) and userns. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
This commit is contained in:
parent
7e7a7f524c
commit
c8e3a152a6
@ -1,7 +1,7 @@
|
||||
# ================================================================================
|
||||
# Docker - Container runtime installation and configuration **ADVANCED**
|
||||
# ================================================================================
|
||||
CFG_DOCKER_INSTALL_TYPE=rooted # Docker Installation Type - Security based setup rooted or rootless Docker installation [rooted|rootless]
|
||||
CFG_DOCKER_INSTALL_TYPE=rootless # Docker Installation Type - rootless (default, recommended): containers run unprivileged so a breakout isn't host root; rooted: legacy, containers run as root [rootless|rooted]
|
||||
CFG_DOCKER_INSTALL_USER=dockerinstall # Docker Install User - Username for Docker installation operations
|
||||
CFG_DOCKER_INSTALL_PASS=RANDOMIZEDPASSWORD2 # Docker Install Password - Password for Docker install user
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user