shuttle-hq
[Feature]: use `sudo` to run `docker`
Describe the feature
The current Makefile assumes that the current user can run docker. This is only possible if the user is added to the docker group, which allows escalation to root privilages.
From https://wiki.archlinux.org/title/docker#Installation:
Warning: Anyone added to the docker group is root equivalent because they can use the docker run --privileged command to start containers with root privileges. For more information see [3] and [4].
Instead the Makefile should use sudo.
Suggestion or Example of how the feature would be used
No response
Duplicate declaration
- [X] I have searched the issues and this feature has not been requested before.
Thanks! I suppose it would be good to not force contributors to add their user to the docker group to contribute to shuttle. What do you think about this @iulianbarbu?
This is only possible if the user is added to the docker group, which allows escalation to root privilages.
There is also this docker mode of operation https://docs.docker.com/engine/security/rootless/ and it would be great to know how to run our Makefile in this mode.
Would be great to assess what commands from the Makefile need sudo and why, but using sudo instead of docker group approach would be welcomed.
I believe it's possible to develop shuttle in rootless mode using podman, but I haven't tried it out myself. If we could do it in docker too that would be cool, yeah!