October-22nd-2019, 12:57 PM
Well, the security restrictions of netPI are clear with the special Docker ... independent of what a user would do in a container or configure "nonsense" things in the Docker Web GUI ... in no way would he manage to get access to any file of the host Linux. This is different with standard Docker under Raspbian, for example. There you can easily volume bind a host folder into a container and "destroy" it.
But it is as usual ... security against freedom. One death you have to die. We decided for security and hence you need to know exactly which /dev/ device is present and needs to be mapped. We had similar discussions like this one under https://forum.hilscher.com/Thread-Static...SB-devices.
But anybody using netPI is free to use his very own SD card with his image and put aside the default SD card. You could easily take a Raspbian image and run it, install Docker additionally and use containers in "privileged" mode and you have all devices mapped always as you need it.
Thx
Armin
„You never fail until you stop trying.“, Albert Einstein (1879 - 1955)
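
The contrast drawn in the post above (explicit /dev/ device mapping versus host folder bind mounts and "privileged" mode on a standard Docker install) can be checked on any Docker host from `docker inspect` output. This is an added example, not part of the original post and not Hilscher's code; the container names and the sample JSON are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from a real host).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/sensor-reader",
   "HostConfig": {"Privileged": false, "Binds": null,
                  "Devices": [{"PathOnHost": "/dev/ttyUSB0",
                               "PathInContainer": "/dev/ttyUSB0",
                               "CgroupPermissions": "rwm"}]}},
  {"Name": "/debug-box",
   "HostConfig": {"Privileged": true,
                  "Binds": ["/:/host:rw", "appdata:/data"],
                  "Devices": []}}
]
""")


def audit_container(entry):
    """Return findings for one `docker inspect` entry."""
    host_cfg = entry.get("HostConfig") or {}
    findings = []
    if host_cfg.get("Privileged"):
        findings.append("RISK privileged mode: all host devices exposed")
    for bind in host_cfg.get("Binds") or []:
        source = bind.split(":", 1)[0]
        # An absolute source is a host path; anything else is a named volume.
        if source.startswith("/"):
            findings.append(f"RISK host path bind mount: {source}")
    for dev in host_cfg.get("Devices") or []:
        # Explicit mappings are the restricted, per-device approach.
        findings.append(f"INFO explicit device mapping: {dev['PathOnHost']} "
                        f"({dev.get('CgroupPermissions', '')})")
    return findings


def audit(inspect_data):
    """Map container name -> findings for a whole `docker inspect` array."""
    return {e["Name"].lstrip("/"): audit_container(e) for e in inspect_data}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

To run it against a live host, replace `SAMPLE_INSPECT` with the parsed output of `docker inspect $(docker ps -q)`.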