Bug 1119278

Summary: [RFE] /usr/bin/docker should be split into smaller binaries
Product: Red Hat Enterprise Linux 7 Reporter: Jiri Jaburek <jjaburek>
Component: docker Assignee: Daniel Walsh <dwalsh>
Status: CLOSED UPSTREAM QA Contact: Virtualization Bugs <virt-bugs>
Severity: low Docs Contact:
Priority: low    
Version: 7.0 CC: dwalsh
Target Milestone: rc Keywords: Extras, FutureFeature
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-04-14 19:53:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jiri Jaburek 2014-07-14 12:16:09 UTC
Description of problem:

The /usr/bin/docker binary is currently 15MB and runs under root. For various security and auditability reasons, the binary should be split into smaller, at least two, parts - a privileged part (running under root) and an unprivileged part (running under an unprivileged user).

Version-Release number of selected component (if applicable):
docker-1.0.0-9.el7.x86_64

Comment 2 Daniel Walsh 2014-07-15 16:53:56 UTC
This would have to be totally handled upstream.

Comment 3 Jiri Jaburek 2014-07-15 17:10:24 UTC
FYI: This seems to be one of Docker's "end goals", as described in the Security section of the upstream documentation:

--------------------------------------------------------------------

The end goal for Docker is therefore to implement two additional security
improvements:

   - map the root user of a container to a non-root user of the Docker host,
     to mitigate the effects of a container-to-host privilege escalation;
   - allow the Docker daemon to run without root privileges, and delegate
     operations requiring those privileges to well-audited sub-processes,
     each with its own (very limited) scope: virtual network setup,
     filesystem management, etc.

--------------------------------------------------------------------

https://docs.docker.com/articles/security/

Comment 4 Daniel Walsh 2014-07-15 19:44:04 UTC
The first one is about User Namespace. The second one is potential, although I think this is very low on their priority list.

Comment 5 Daniel Walsh 2015-01-19 15:03:57 UTC
This continues to be talked about upstream, but not sure there is any action on it.

Comment 6 Daniel Walsh 2015-04-14 19:53:05 UTC
This needs to happen upstream. We are looking at potential other tools like CoreOS and systemd-dkr.