3

Will I increase my security level by running Firefox from inside a Docker container (XUbuntu) under a non root user?

Does it make sense to do so to protect against different kind of malware & browser holes?

Billal Begueradj
  • 162
  • 2
  • 3
  • 10
Vladimir Berlev
  • 263
  • 2
  • 8
  • I don't know if I should call it a duplicate, but [questions about Docker security](https://security.stackexchange.com/questions/110421/does-docker-provide-the-same-security-as-a-vm) *in general* should answer your question. – MiaoHatola May 07 '17 at 11:50

1 Answers1

2

Why not? It depends of the use your are going to do. In that way if you dowload something for example, it's going to be downloaded inside the container. It will be accessible from the host only if you specify a volume mount during docker run command. Doing that, any virus you download will be "sandboxed" inside the container.

But you must not forget that:

  • Containers are sharing kernel with host.
  • Even if you launched the container with a host non-root user, if RCE (Remote Command Execution) happens in anyway, is possible to escape from container to host.

So could be a good a idea but is not a 100% free of risks technique. It depends of the use you are going to do.

OscarAkaElvis
  • 5,185
  • 3
  • 17
  • 48