Docker Privilege Escalation & User Namespace Remapping
If you think Docker user namespace remapping protects you from privilege escalation, then you're wrong and misguided.

The User Namespace Remapping feature isolates containers from the host by remapping user and group IDs to non-privileged IDs on the host. This prevents privilege escalation attacks FROM INSIDE containers: even if a process inside the container runs as the root user, it does not have root privileges on the host machine.

That doesn't mean a person who already has access to the host system can't escalate to the root user. They can still mount host paths or add a new root user by running a container in `--privileged` mode or by passing `--userns=host`.

Solution: this feature is designed to prevent sandbox escape, not host-side privilege escalation. So to avoid privilege escalation, just don't add any user to the `docker` group. Otherwise you need to set up AppArmor, SELinux or seccomp to stop Docker from making specific system calls.

~ 👋 Drop by and say hi!
Website: https://flarexes.com/
LinkedIn: https://www.linkedin.com/in/flarexes/
GitHub: https://github.com/flarexes
Twitter: https://twitter.com/flarexes

I hope you enjoyed or at least learnt something new!
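As an added example (not from the original post), here is a small defender-side audit that reads `docker inspect` output and flags the settings discussed above that sidestep user namespace remapping or hand out host-level access. The sample input is constructed and trimmed to the real `HostConfig` fields `Privileged`, `UsernsMode`, `Binds` and `CapAdd`.

```python
import json

# Constructed, trimmed sample of `docker inspect <ids>` output: one ordinary
# container and one started with the flags the text warns about.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "HostConfig": {"Privileged": False, "UsernsMode": "",
                    "Binds": ["webdata:/var/www:rw"], "CapAdd": None}},
    {"Name": "/debug",
     "HostConfig": {"Privileged": True, "UsernsMode": "host",
                    "Binds": ["/:/host:rw"], "CapAdd": ["SYS_ADMIN"]}},
])


def audit_containers(inspect_json):
    """Return {container_name: [reasons]} for every container whose HostConfig
    bypasses user namespace remapping or grants host-level privileges."""
    findings = {}
    for container in json.loads(inspect_json):
        hc = container.get("HostConfig", {})
        reasons = []
        if hc.get("Privileged"):
            reasons.append("--privileged: all capabilities and host devices")
        if hc.get("UsernsMode") == "host":
            reasons.append("--userns=host: container root is host root")
        for bind in hc.get("Binds") or []:
            # Bind sources that start with '/' are host paths; named volumes do not.
            source = bind.split(":", 1)[0]
            if source.startswith("/"):
                reasons.append("host path bind mount: " + bind)
        for cap in hc.get("CapAdd") or []:
            reasons.append("added capability: " + cap)
        if reasons:
            findings[container["Name"].lstrip("/")] = reasons
    return findings


if __name__ == "__main__":
    # In practice: docker inspect $(docker ps -q) | python3 audit.py
    for name, reasons in audit_containers(SAMPLE_INSPECT).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```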