Is installing Docker itself risky? (with- the possibility of creating docker groups) itself risky?

added 103 characters in body

Source Link

edited Apr 22, 2023 at 16:23

Johan

439
1
5
20

In figuring out how to manage python environments for projects, I am considering using Docker containers. I became aware the Debian wiki warns, like other online sources, about the risk of Docker groups. But I am less certain:

Does the mere possibility to create Docker groups, having installed Docker, per se pose risks?

In other words, if I do not create a group, or add myself to one (note: I am the only user), is there a risk of having Docker installed and use it for managing environments as suggested by the their blog?

But having several projects in progress in the same environment becomes quickly a problem as we may get into configuration or dependency conflicts. Moreover, when sharing a project with teammates we would need to also coordinate our environments. For this we have to define our project environment in such a way that makes it easily shareable.

A good way to do this is to create isolated development environments for each project. This can be easily done by using containers and Docker Compose to manage them.

edit: oops, I just found out I may have duplicated Is having docker installed a massive security hole?

In figuring out how to manage python environments for projects, I am considering using Docker containers. I became aware the Debian wiki warns, like other online sources, about the risk of Docker groups. But I am less certain:

Does the mere possibility to create Docker groups, having installed Docker, per se pose risks?

In other words, if I do not create a group, or add myself to one (note: I am the only user), is there a risk of having Docker installed and use it for managing environments as suggested by the their blog?

But having several projects in progress in the same environment becomes quickly a problem as we may get into configuration or dependency conflicts. Moreover, when sharing a project with teammates we would need to also coordinate our environments. For this we have to define our project environment in such a way that makes it easily shareable.

A good way to do this is to create isolated development environments for each project. This can be easily done by using containers and Docker Compose to manage them.

In figuring out how to manage python environments for projects, I am considering using Docker containers. I became aware the Debian wiki warns, like other online sources, about the risk of Docker groups. But I am less certain:

Does the mere possibility to create Docker groups, having installed Docker, per se pose risks?

In other words, if I do not create a group, or add myself to one (note: I am the only user), is there a risk of having Docker installed and use it for managing environments as suggested by the their blog?

But having several projects in progress in the same environment becomes quickly a problem as we may get into configuration or dependency conflicts. Moreover, when sharing a project with teammates we would need to also coordinate our environments. For this we have to define our project environment in such a way that makes it easily shareable.

A good way to do this is to create isolated development environments for each project. This can be easily done by using containers and Docker Compose to manage them.

edit: oops, I just found out I may have duplicated Is having docker installed a massive security hole?