Docker 1.10, the latest version of the software containerization system, addresses one of its most long-standing criticisms.
Until now, containers have had to run as root under the Docker daemon, with various hair-raising (in)security implications. The solution in Docker 1.10 is a feature called user namespacing. Originally introduced as an experimental feature in version 1.9, it’s now generally available in version 1.10 along with a bundle of other improvements.
A safe space for your name
With user namespaces, privileges for the Docker daemon and container are handled separately, so each container can receive its own user-level privileges. Containers do not need root access on the host, although the Docker daemon still does.
To read this article in full or to leave a comment, please click here