
When you use a system-level daemon[0], the daemon has to have privileges to start a container as anyone (that is... root). In a daemon-less environment, you only need the privileges of the user who is starting the container.

[0] I suppose you could have a user-level daemon that runs for each user that needs to run containers, but that's even more overhead.



Docker does allow for daemonless execution, but, as you say, one daemon per user will add a bit of overhead.

There's some tradeoff, I guess, though, between rootful setup and per-user, as image duplication per user could add up.



