On 01/06/2017 09:43 AM, Trishna Guha wrote:
> On Fri, Jan 6, 2017 at 7:47 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>> Make sure that you point out that ANY process on the client that can
>> access the TLS certs now has FULL root on the server and can do anything
>> it wants on it.
> Sure I will mention it. Thanks.
> Another point that would be useful to add that we will want to give
> access of Docker daemon of server only to the specific client host
> that can be trusted.
>
Yes. BTW, docker never accepted higher level Authorization so that we
could do better access controls. They believe this should be handled at
the Orchestration level. Kubernetes/OpenShift handle Roles Based Access
Control, without having to expose docker remote socket access.

_______________________________________________
Fedora Magazine mailing list -- magazine@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to magazine-leave@xxxxxxxxxxxxxxxxxxxxxxx