Confused about security in apps in DockGE in EEL?

Are there specific security recommendations to run apps in DockGE?
DockGE was installed using the apps template and it runs in root:root. Is it possible to run stacks with restricted rights please? I normally specify a UID for each container in a compose file. Are there other things that I should do?

Thanks.

Docker runs as root, so I suppose its whole ecosystem is a security concern.
For more isolation you’d need to install your own rootless docker in a sandbox or VM.

Yeah. I was afraid of that.

Of course Dockge runs as root, needs to spawn other containers, but you should take normal precautions/security things like not running as root, not adding privileges, etc. for anything running inside Dockge/Portainer, etc., or even the Install via YAML functionality inside TrueNAS SCALE.

I hoped we could have a rootless docker.

Basically it would be complicated for most home users, and the apps section isn’t covered by TrueNAS support, so it won’t be locked down to the level some people wish. People should run it in Jails or VMs to have that level of granular control.
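
The per-container precautions mentioned in the thread (a non-root UID, no added privileges), written out as a compose stack. This is an added example, not taken from any post above; the image name, UID:GID and paths are constructed placeholders. It restricts the container only: the Docker daemon and Dockge themselves still run as root.

```yaml
services:
  app:
    image: example/app:1.0          # constructed placeholder image
    user: "1000:1000"               # constructed UID:GID; run the process as non-root
    read_only: true                 # root filesystem is mounted read-only
    cap_drop:
      - ALL                         # drop every Linux capability, add none back
    security_opt:
      - no-new-privileges:true      # setuid binaries cannot raise privileges
    tmpfs:
      - /tmp                        # writable scratch space kept in memory
    volumes:
      - ./data:/data                # host directory must be owned by 1000:1000
    restart: unless-stopped
    # Settings that undo the restrictions above and should stay out of the stack:
    #   privileged: true
    #   cap_add: [...]
    #   volumes: - /var/run/docker.sock:/var/run/docker.sock
```

Some images expect to start as root and will fail with `user:` or `read_only:` set; check the image's documentation for a supported non-root mode before relaxing either setting.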